Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(60)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/WebCore/dom/ScriptElement.cpp

Issue 13724004: Remove the ENABLE_NOSNIFF compile-time flag. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Rebase. Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | Source/WebCore/loader/cache/CachedScript.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2001 Dirk Mueller (mueller@kde.org) 4 * (C) 2001 Dirk Mueller (mueller@kde.org)
5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv ed. 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv ed.
6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> 6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org>
7 * 7 *
8 * This library is free software; you can redistribute it and/or 8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Library General Public 9 * modify it under the terms of the GNU Library General Public
10 * License as published by the Free Software Foundation; either 10 * License as published by the Free Software Foundation; either
(...skipping 276 matching lines...) Expand 10 before | Expand all | Expand 10 after
287 287
288 if (sourceCode.isEmpty()) 288 if (sourceCode.isEmpty())
289 return; 289 return;
290 290
291 if (!m_element->document()->contentSecurityPolicy()->allowScriptNonce(m_elem ent->fastGetAttribute(HTMLNames::nonceAttr), m_element->document()->url(), m_sta rtLineNumber)) 291 if (!m_element->document()->contentSecurityPolicy()->allowScriptNonce(m_elem ent->fastGetAttribute(HTMLNames::nonceAttr), m_element->document()->url(), m_sta rtLineNumber))
292 return; 292 return;
293 293
294 if (!m_isExternalScript && !m_element->document()->contentSecurityPolicy()-> allowInlineScript(m_element->document()->url(), m_startLineNumber)) 294 if (!m_isExternalScript && !m_element->document()->contentSecurityPolicy()-> allowInlineScript(m_element->document()->url(), m_startLineNumber))
295 return; 295 return;
296 296
297 #if ENABLE(NOSNIFF)
298 if (m_isExternalScript && m_cachedScript && !m_cachedScript->mimeTypeAllowed ByNosniff()) { 297 if (m_isExternalScript && m_cachedScript && !m_cachedScript->mimeTypeAllowed ByNosniff()) {
299 m_element->document()->addConsoleMessage(SecurityMessageSource, ErrorMes sageLevel, "Refused to execute script from '" + m_cachedScript->url().elidedStri ng() + "' because its MIME type ('" + m_cachedScript->mimeType() + "') is not ex ecutable, and strict MIME type checking is enabled."); 298 m_element->document()->addConsoleMessage(SecurityMessageSource, ErrorMes sageLevel, "Refused to execute script from '" + m_cachedScript->url().elidedStri ng() + "' because its MIME type ('" + m_cachedScript->mimeType() + "') is not ex ecutable, and strict MIME type checking is enabled.");
300 return; 299 return;
301 } 300 }
302 #endif
303 301
304 RefPtr<Document> document = m_element->document(); 302 RefPtr<Document> document = m_element->document();
305 ASSERT(document); 303 ASSERT(document);
306 if (Frame* frame = document->frame()) { 304 if (Frame* frame = document->frame()) {
307 { 305 {
308 IgnoreDestructiveWriteCountIncrementer ignoreDesctructiveWriteCountI ncrementer(m_isExternalScript ? document.get() : 0); 306 IgnoreDestructiveWriteCountIncrementer ignoreDesctructiveWriteCountI ncrementer(m_isExternalScript ? document.get() : 0);
309 // Create a script from the script element node, using the script 307 // Create a script from the script element node, using the script
310 // block's source and the script block's type. 308 // block's source and the script block's type.
311 // Note: This is where the script is compiled and actually executed. 309 // Note: This is where the script is compiled and actually executed.
312 frame->script()->evaluate(sourceCode); 310 frame->script()->evaluate(sourceCode);
(...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after
421 419
422 #if ENABLE(SVG) 420 #if ENABLE(SVG)
423 if (element->isSVGElement() && element->hasTagName(SVGNames::scriptTag)) 421 if (element->isSVGElement() && element->hasTagName(SVGNames::scriptTag))
424 return static_cast<SVGScriptElement*>(element); 422 return static_cast<SVGScriptElement*>(element);
425 #endif 423 #endif
426 424
427 return 0; 425 return 0;
428 } 426 }
429 427
430 } 428 }
OLDNEW
« no previous file with comments | « no previous file | Source/WebCore/loader/cache/CachedScript.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698