| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
| 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
| 4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
| 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv
ed. | 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv
ed. |
| 6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> | 6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> |
| 7 * | 7 * |
| 8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
| 9 * modify it under the terms of the GNU Library General Public | 9 * modify it under the terms of the GNU Library General Public |
| 10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
| (...skipping 248 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 259 if (frame) { | 259 if (frame) { |
| 260 ScriptStreamer::startStreaming(m_pendingScript, frame->settings(), S
criptState::forMainWorld(frame)); | 260 ScriptStreamer::startStreaming(m_pendingScript, frame->settings(), S
criptState::forMainWorld(frame)); |
| 261 } | 261 } |
| 262 contextDocument->scriptRunner()->queueScriptForExecution(this, ScriptRun
ner::ASYNC_EXECUTION); | 262 contextDocument->scriptRunner()->queueScriptForExecution(this, ScriptRun
ner::ASYNC_EXECUTION); |
| 263 // Note that watchForLoad can immediately call notifyFinished. | 263 // Note that watchForLoad can immediately call notifyFinished. |
| 264 m_pendingScript.watchForLoad(this); | 264 m_pendingScript.watchForLoad(this); |
| 265 } else { | 265 } else { |
| 266 // Reset line numbering for nested writes. | 266 // Reset line numbering for nested writes. |
| 267 TextPosition position = elementDocument.isInDocumentWrite() ? TextPositi
on() : scriptStartPosition; | 267 TextPosition position = elementDocument.isInDocumentWrite() ? TextPositi
on() : scriptStartPosition; |
| 268 KURL scriptURL = (!elementDocument.isInDocumentWrite() && m_parserInsert
ed) ? elementDocument.url() : KURL(); | 268 KURL scriptURL = (!elementDocument.isInDocumentWrite() && m_parserInsert
ed) ? elementDocument.url() : KURL(); |
| 269 if (!executeScript(ScriptSourceCode(scriptContent(), scriptURL, position
))) | 269 if (!executeScript(ScriptSourceCode(scriptContent(), scriptURL, position
))) { |
| 270 dispatchErrorEvent(); |
| 270 return false; | 271 return false; |
| 272 } |
| 271 } | 273 } |
| 272 | 274 |
| 273 return true; | 275 return true; |
| 274 } | 276 } |
| 275 | 277 |
| 276 bool ScriptLoader::fetchScript(const String& sourceUrl, FetchRequest::DeferOptio
n defer) | 278 bool ScriptLoader::fetchScript(const String& sourceUrl, FetchRequest::DeferOptio
n defer) |
| 277 { | 279 { |
| 278 ASSERT(m_element); | 280 ASSERT(m_element); |
| 279 | 281 |
| 280 RefPtrWillBeRawPtr<Document> elementDocument(m_element->document()); | 282 RefPtrWillBeRawPtr<Document> elementDocument(m_element->document()); |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 330 if (!contextDocument) | 332 if (!contextDocument) |
| 331 return true; | 333 return true; |
| 332 | 334 |
| 333 LocalFrame* frame = contextDocument->frame(); | 335 LocalFrame* frame = contextDocument->frame(); |
| 334 | 336 |
| 335 const ContentSecurityPolicy* csp = elementDocument->contentSecurityPolicy(); | 337 const ContentSecurityPolicy* csp = elementDocument->contentSecurityPolicy(); |
| 336 bool shouldBypassMainWorldCSP = (frame && frame->script().shouldBypassMainWo
rldCSP()) | 338 bool shouldBypassMainWorldCSP = (frame && frame->script().shouldBypassMainWo
rldCSP()) |
| 337 || csp->allowScriptWithNonce(m_element->fastGetAttribute(HTMLNames::nonc
eAttr)) | 339 || csp->allowScriptWithNonce(m_element->fastGetAttribute(HTMLNames::nonc
eAttr)) |
| 338 || csp->allowScriptWithHash(sourceCode.source()); | 340 || csp->allowScriptWithHash(sourceCode.source()); |
| 339 | 341 |
| 340 if (!m_isExternalScript && (!shouldBypassMainWorldCSP && !csp->allowInlineSc
ript(elementDocument->url(), m_startLineNumber, sourceCode.source()))) | 342 if (!m_isExternalScript && (!shouldBypassMainWorldCSP && !csp->allowInlineSc
ript(elementDocument->url(), m_startLineNumber, sourceCode.source()))) { |
| 341 return true; | 343 return false; |
| 344 } |
| 342 | 345 |
| 343 if (m_isExternalScript) { | 346 if (m_isExternalScript) { |
| 344 ScriptResource* resource = m_resource ? m_resource.get() : sourceCode.re
source(); | 347 ScriptResource* resource = m_resource ? m_resource.get() : sourceCode.re
source(); |
| 345 if (resource && !resource->mimeTypeAllowedByNosniff()) { | 348 if (resource && !resource->mimeTypeAllowedByNosniff()) { |
| 346 contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMe
ssageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->u
rl().elidedString() + "' because its MIME type ('" + resource->mimeType() + "')
is not executable, and strict MIME type checking is enabled.")); | 349 contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMe
ssageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->u
rl().elidedString() + "' because its MIME type ('" + resource->mimeType() + "')
is not executable, and strict MIME type checking is enabled.")); |
| 347 return true; | 350 return false; |
| 348 } | 351 } |
| 349 | 352 |
| 350 if (resource && resource->mimeType().lower().startsWith("image/")) { | 353 if (resource && resource->mimeType().lower().startsWith("image/")) { |
| 351 contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMe
ssageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->u
rl().elidedString() + "' because its MIME type ('" + resource->mimeType() + "')
is not executable.")); | 354 contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMe
ssageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->u
rl().elidedString() + "' because its MIME type ('" + resource->mimeType() + "')
is not executable.")); |
| 352 UseCounter::count(frame, UseCounter::BlockedSniffingImageToScript); | 355 UseCounter::count(frame, UseCounter::BlockedSniffingImageToScript); |
| 353 return true; | 356 return false; |
| 354 } | 357 } |
| 355 } | 358 } |
| 356 | 359 |
| 357 // FIXME: Can this be moved earlier in the function? | 360 // FIXME: Can this be moved earlier in the function? |
| 358 // Why are we ever attempting to execute scripts without a frame? | 361 // Why are we ever attempting to execute scripts without a frame? |
| 359 if (!frame) | 362 if (!frame) |
| 360 return true; | 363 return true; |
| 361 | 364 |
| 362 AccessControlStatus corsCheck = NotSharableCrossOrigin; | 365 AccessControlStatus corsCheck = NotSharableCrossOrigin; |
| 363 if (!m_isExternalScript || (sourceCode.resource() && sourceCode.resource()->
passesAccessControlCheck(m_element->document().securityOrigin()))) | 366 if (!m_isExternalScript || (sourceCode.resource() && sourceCode.resource()->
passesAccessControlCheck(m_element->document().securityOrigin()))) |
| (...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 483 if (isHTMLScriptLoader(element)) | 486 if (isHTMLScriptLoader(element)) |
| 484 return toHTMLScriptElement(element)->loader(); | 487 return toHTMLScriptElement(element)->loader(); |
| 485 | 488 |
| 486 if (isSVGScriptLoader(element)) | 489 if (isSVGScriptLoader(element)) |
| 487 return toSVGScriptElement(element)->loader(); | 490 return toSVGScriptElement(element)->loader(); |
| 488 | 491 |
| 489 return 0; | 492 return 0; |
| 490 } | 493 } |
| 491 | 494 |
| 492 } // namespace blink | 495 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1032033002:
Fire error events for a variety of script and style failures. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master