Index: Source/core/page/DOMSecurityPolicy.cpp |
diff --git a/Source/core/page/DOMSecurityPolicy.cpp b/Source/core/page/DOMSecurityPolicy.cpp |
index 97f91bc5c20e8f74c1db16ee7e3b262a231ed363..bacf8ae68b6fbe5518fecb6656332e2eae8b9f51 100644 |
--- a/Source/core/page/DOMSecurityPolicy.cpp |
+++ b/Source/core/page/DOMSecurityPolicy.cpp |
@@ -70,6 +70,28 @@ bool isAllowedWithURL(ScriptExecutionContext* context, const String& url) |
return (context->contentSecurityPolicy()->*allowWithURL)(parsedURL, ContentSecurityPolicy::SuppressReport); |
} |
+template<bool (ContentSecurityPolicy::*allowWithURLAndNonce)(const KURL&, const String&, ContentSecurityPolicy::ReportingStatus) const> |
+bool isAllowedWithURLAndNonce(ScriptExecutionContext* context, const String& url, const String& nonce) |
+{ |
+ if (!isPolicyActiveInContext(context)) |
+ return true; |
+ |
+ KURL parsedURL = context->completeURL(url); |
+ if (!parsedURL.isValid()) |
+ return false; // FIXME: Figure out how to throw a JavaScript error. |
+ |
+ return (context->contentSecurityPolicy()->*allowWithURLAndNonce)(parsedURL, nonce, ContentSecurityPolicy::SuppressReport); |
+} |
+ |
+template<bool (ContentSecurityPolicy::*allowWithNonce)(const String&, const String&, const WTF::OrdinalNumber&, ContentSecurityPolicy::ReportingStatus) const> |
+bool isAllowedWithNonce(ScriptExecutionContext* context, const String& nonce) |
+{ |
+ if (!isPolicyActiveInContext(context)) |
+ return true; |
+ |
+ return (context->contentSecurityPolicy()->*allowWithNonce)(nonce, String(), WTF::OrdinalNumber::beforeFirst(), ContentSecurityPolicy::SuppressReport); |
+} |
+ |
template<bool (ContentSecurityPolicy::*allowWithContext)(const String&, const WTF::OrdinalNumber&, ContentSecurityPolicy::ReportingStatus) const> |
bool isAllowed(ScriptExecutionContext* context) |
{ |
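Review bot: In `isAllowedWithNonce` the member pointer takes two adjacent `const String&` parameters and the call passes `nonce, String(), ...`, so a swapped pair would still compile and nothing in the hunk says which slot is which. I would add a comment above that return, e.g. `// Argument order: nonce first, then an empty context URL; a DOM query has no source position.` The meaning of the second string is inferred from the existing `isAllowed` call and should be confirmed against the ContentSecurityPolicy declaration. Both new helpers return true whenever `isPolicyActiveInContext` is false, and `isAllowedWithURLAndNonce` returns false on an unparsable URL; a one-line comment on each early return stating that fail-open / fail-closed split would help the next reader of a security check. The trailing context `isAllowed` only begins in this hunk; its body continues in the next one.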
@@ -78,7 +100,6 @@ bool isAllowed(ScriptExecutionContext* context) |
return (context->contentSecurityPolicy()->*allowWithContext)(String(), WTF::OrdinalNumber::beforeFirst(), ContentSecurityPolicy::SuppressReport); |
} |
- |
abarth-chromium
2013/05/14 05:58:16
You should leave this blank line.
jww
2013/05/14 20:49:30
Done.
|
} // namespace |
DOMSecurityPolicy::DOMSecurityPolicy(ScriptExecutionContext* context) |
@@ -107,7 +128,7 @@ PassRefPtr<DOMStringList> DOMSecurityPolicy::reportURIs() const |
bool DOMSecurityPolicy::allowsInlineScript() const |
{ |
- return isAllowed<&ContentSecurityPolicy::allowInlineScript>(scriptExecutionContext()); |
+ return isAllowedWithNonce<&ContentSecurityPolicy::allowInlineScript>(scriptExecutionContext(), String()); |
} |
bool DOMSecurityPolicy::allowsInlineStyle() const |
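Review bot: `allowsInlineScript()` now always passes a null `String()` as the nonce, so its answer depends on how `ContentSecurityPolicy::allowInlineScript` treats a null nonce, which this diff does not show. If the policy side matches nonces by equality, a null or empty nonce must never match, otherwise this query could report inline script as allowed for an element that carries no nonce. The `allowsScriptFrom` hunk that follows does the same with `allowScriptFromSource`. I would add `// Null nonce: answers for a script without a nonce attribute.` above each return and cover the empty-nonce case with a test on the policy side.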
@@ -166,7 +187,7 @@ bool DOMSecurityPolicy::allowsPluginType(const String& type) const |
bool DOMSecurityPolicy::allowsScriptFrom(const String& url) const |
{ |
- return isAllowedWithURL<&ContentSecurityPolicy::allowScriptFromSource>(scriptExecutionContext(), url); |
+ return isAllowedWithURLAndNonce<&ContentSecurityPolicy::allowScriptFromSource>(scriptExecutionContext(), url, String()); |
} |
bool DOMSecurityPolicy::allowsStyleFrom(const String& url) const |