OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv ed. | 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv ed. |
6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> | 6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> |
7 * | 7 * |
8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
9 * modify it under the terms of the GNU Library General Public | 9 * modify it under the terms of the GNU Library General Public |
10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
(...skipping 236 matching lines...) | |
247 return true; | 247 return true; |
248 } | 248 } |
249 | 249 |
250 bool ScriptElement::requestScript(const String& sourceUrl) | 250 bool ScriptElement::requestScript(const String& sourceUrl) |
251 { | 251 { |
252 RefPtr<Document> originalDocument = m_element->document(); | 252 RefPtr<Document> originalDocument = m_element->document(); |
253 if (!m_element->dispatchBeforeLoadEvent(sourceUrl)) | 253 if (!m_element->dispatchBeforeLoadEvent(sourceUrl)) |
254 return false; | 254 return false; |
255 if (!m_element->inDocument() || m_element->document() != originalDocument) | 255 if (!m_element->inDocument() || m_element->document() != originalDocument) |
256 return false; | 256 return false; |
257 if (!m_element->document()->contentSecurityPolicy()->allowScriptNonce(m_elem ent->fastGetAttribute(HTMLNames::nonceAttr), m_element->document()->url(), m_sta rtLineNumber, m_element->document()->completeURL(sourceUrl))) | |
258 return false; | |
259 | 257 |
260 ASSERT(!m_cachedScript); | 258 ASSERT(!m_cachedScript); |
261 if (!stripLeadingAndTrailingHTMLSpaces(sourceUrl).isEmpty()) { | 259 if (!stripLeadingAndTrailingHTMLSpaces(sourceUrl).isEmpty()) { |
262 CachedResourceRequest request(ResourceRequest(m_element->document()->com pleteURL(sourceUrl))); | 260 CachedResourceRequest request(ResourceRequest(m_element->document()->com pleteURL(sourceUrl))); |
263 | 261 |
264 String crossOriginMode = m_element->fastGetAttribute(HTMLNames::crossori ginAttr); | 262 String crossOriginMode = m_element->fastGetAttribute(HTMLNames::crossori ginAttr); |
265 if (!crossOriginMode.isNull()) { | 263 if (!crossOriginMode.isNull()) { |
266 m_requestUsesAccessControl = true; | 264 m_requestUsesAccessControl = true; |
267 StoredCredentials allowCredentials = equalIgnoringCase(crossOriginMo de, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials; | 265 StoredCredentials allowCredentials = equalIgnoringCase(crossOriginMo de, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials; |
268 updateRequestForAccessControl(request.mutableResourceRequest(), m_el ement->document()->securityOrigin(), allowCredentials); | 266 updateRequestForAccessControl(request.mutableResourceRequest(), m_el ement->document()->securityOrigin(), allowCredentials); |
(...skipping 17 matching lines...) | |
286 { | 284 { |
287 ASSERT(m_alreadyStarted); | 285 ASSERT(m_alreadyStarted); |
288 | 286 |
289 if (sourceCode.isEmpty()) | 287 if (sourceCode.isEmpty()) |
290 return; | 288 return; |
291 | 289 |
292 RefPtr<Document> document = m_element->document(); | 290 RefPtr<Document> document = m_element->document(); |
293 Frame* frame = document->frame(); | 291 Frame* frame = document->frame(); |
294 | 292 |
295 bool shouldBypassMainWorldContentSecurityPolicy = (frame && frame->script()- >shouldBypassMainWorldContentSecurityPolicy()); | 293 bool shouldBypassMainWorldContentSecurityPolicy = (frame && frame->script()- >shouldBypassMainWorldContentSecurityPolicy()); |
296 if (!shouldBypassMainWorldContentSecurityPolicy && !document->contentSecurit yPolicy()->allowScriptNonce(m_element->fastGetAttribute(HTMLNames::nonceAttr), d ocument->url(), m_startLineNumber)) | |
297 return; | |
298 | 294 |
299 if (!m_isExternalScript && (!shouldBypassMainWorldContentSecurityPolicy && ! document->contentSecurityPolicy()->allowInlineScript(document->url(), m_startLin eNumber))) | 295 const String& nonce = m_element->fastGetAttribute(HTMLNames::nonceAttr); |
296 if (!m_isExternalScript && (!shouldBypassMainWorldContentSecurityPolicy && ! document->contentSecurityPolicy()->allowInlineScript(nonce, document->url(), m_s tartLineNumber))) | |
Mike West
2013/05/14 08:07:38
Nit: You probably don't need the temp variable her
jww
2013/05/14 20:49:30
Done.
| |
300 return; | 297 return; |
301 | 298 |
302 if (m_isExternalScript && m_cachedScript && !m_cachedScript->mimeTypeAllowed ByNosniff()) { | 299 if (m_isExternalScript && m_cachedScript && !m_cachedScript->mimeTypeAllowed ByNosniff()) { |
303 document->addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, "R efused to execute script from '" + m_cachedScript->url().elidedString() + "' bec ause its MIME type ('" + m_cachedScript->mimeType() + "') is not executable, and strict MIME type checking is enabled."); | 300 document->addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, "R efused to execute script from '" + m_cachedScript->url().elidedString() + "' bec ause its MIME type ('" + m_cachedScript->mimeType() + "') is not executable, and strict MIME type checking is enabled."); |
304 return; | 301 return; |
305 } | 302 } |
306 | 303 |
307 if (frame) { | 304 if (frame) { |
308 { | 305 { |
309 IgnoreDestructiveWriteCountIncrementer ignoreDesctructiveWriteCountI ncrementer(m_isExternalScript ? document.get() : 0); | 306 IgnoreDestructiveWriteCountIncrementer ignoreDesctructiveWriteCountI ncrementer(m_isExternalScript ? document.get() : 0); |
(...skipping 112 matching lines...) | |
422 | 419 |
423 #if ENABLE(SVG) | 420 #if ENABLE(SVG) |
424 if (element->isSVGElement() && element->hasTagName(SVGNames::scriptTag)) | 421 if (element->isSVGElement() && element->hasTagName(SVGNames::scriptTag)) |
425 return static_cast<SVGScriptElement*>(element); | 422 return static_cast<SVGScriptElement*>(element); |
426 #endif | 423 #endif |
427 | 424 |
428 return 0; | 425 return 0; |
429 } | 426 } |
430 | 427 |
431 } | 428 } |
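Review bot: After this change nothing visible in this file checks the nonce for an external script, either before the fetch or before execution. The `allowScriptNonce` call is removed from `requestScript` (old lines 257-258), and at new line 296 the nonce reaches `allowInlineScript` only behind `!m_isExternalScript`. The removed check ran before the `CachedResourceRequest` was built, so it also stopped the network request; if external loads are now meant to be gated by a source check elsewhere in the loader, that is not shown here and should be confirmed to run before the fetch. I would add a comment at new line 257 stating where that enforcement lives, for example `// CSP for external scripts is enforced when the request is issued; the nonce is only consulted for inline script.`, worded to match the real call site. Both function bodies continue past the lines shown, and the signature of the second function is in a skipped region.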