1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
/*
* Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
* Copyright (C) 2001 Peter Kelly (pmk@post.com)
* Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include "config.h"
#include "ScriptController.h"
#include "Frame.h"
#include "FrameLoaderClient.h"
#include "Page.h"
#include "ScriptSourceCode.h"
#include "ScriptValue.h"
#include "Settings.h"
#include "XSSAuditor.h"
namespace WebCore {
bool ScriptController::canExecuteScripts(ReasonForCallingCanExecuteScripts reason)
{
// FIXME: We should get this information from the document instead of the frame.
if (m_frame->loader()->isSandboxed(SandboxScripts))
return false;
Settings* settings = m_frame->settings();
const bool allowed = m_frame->loader()->client()->allowJavaScript(settings && settings->isJavaScriptEnabled());
if (!allowed && reason == AboutToExecuteScript)
m_frame->loader()->client()->didNotAllowScript();
return allowed;
}
ScriptValue ScriptController::executeScript(const String& script, bool forceUserGesture, ShouldAllowXSS shouldAllowXSS)
{
return executeScript(ScriptSourceCode(script, forceUserGesture ? KURL() : m_frame->loader()->url()), shouldAllowXSS);
}
ScriptValue ScriptController::executeScript(const ScriptSourceCode& sourceCode, ShouldAllowXSS shouldAllowXSS)
{
if (!canExecuteScripts(AboutToExecuteScript) || isPaused())
return ScriptValue();
bool wasInExecuteScript = m_inExecuteScript;
m_inExecuteScript = true;
ScriptValue result = evaluate(sourceCode, shouldAllowXSS);
if (!wasInExecuteScript) {
m_inExecuteScript = false;
Document::updateStyleForAllDocuments();
}
return result;
}
bool ScriptController::executeIfJavaScriptURL(const KURL& url, bool userGesture, ShouldReplaceDocumentIfJavaScriptURL shouldReplaceDocumentIfJavaScriptURL)
{
if (!protocolIsJavaScript(url))
return false;
if (!m_frame->page())
return true;
if (!m_frame->page()->javaScriptURLsAreAllowed())
return true;
if (m_frame->inViewSourceMode())
return true;
// We need to hold onto the Frame here because executing script can
// destroy the frame.
RefPtr<Frame> protector(m_frame);
const int javascriptSchemeLength = sizeof("javascript:") - 1;
String decodedURL = decodeURLEscapeSequences(url.string());
ScriptValue result;
if (xssAuditor()->canEvaluateJavaScriptURL(decodedURL))
result = executeScript(decodedURL.substring(javascriptSchemeLength), userGesture, AllowXSS);
// If executing script caused this frame to be removed from the page, we
// don't want to try to replace its document!
if (!m_frame->page())
return true;
String scriptResult;
#if USE(JSC)
JSDOMWindowShell* shell = windowShell(mainThreadNormalWorld());
JSC::ExecState* exec = shell->window()->globalExec();
if (!result.getString(exec, scriptResult))
return true;
#else
if (!result.getString(scriptResult))
return true;
#endif
// FIXME: We should always replace the document, but doing so
// synchronously can cause crashes:
// http://bugs.webkit.org/show_bug.cgi?id=16782
if (shouldReplaceDocumentIfJavaScriptURL == ReplaceDocumentIfJavaScriptURL)
m_frame->loader()->writer()->replaceDocument(scriptResult);
return true;
}
} // namespace WebCore
|
