OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) | 5 * (C) 2006 Alexey Proskuryakov (ap@webkit.org) |
6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r
ights reserved. | 6 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r
ights reserved. |
7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t
orchmobile.com/) | 7 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t
orchmobile.com/) |
8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. | 8 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved. |
9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) | 9 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies) |
10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. | 10 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved. |
(...skipping 4997 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5008 } | 5008 } |
5009 contentSecurityPolicy()->bindToExecutionContext(this); | 5009 contentSecurityPolicy()->bindToExecutionContext(this); |
5010 } | 5010 } |
5011 | 5011 |
5012 bool Document::isSecureTransitionTo(const KURL& url) const | 5012 bool Document::isSecureTransitionTo(const KURL& url) const |
5013 { | 5013 { |
5014 RefPtr<SecurityOrigin> other = SecurityOrigin::create(url); | 5014 RefPtr<SecurityOrigin> other = SecurityOrigin::create(url); |
5015 return getSecurityOrigin()->canAccess(other.get()); | 5015 return getSecurityOrigin()->canAccess(other.get()); |
5016 } | 5016 } |
5017 | 5017 |
5018 bool Document::allowInlineEventHandlers(Node* node, EventListener* listener, con
st String& contextURL, const WTF::OrdinalNumber& contextLine) | 5018 bool Document::allowInlineEventHandler(Node* node, EventListener* listener, cons
t String& contextURL, const WTF::OrdinalNumber& contextLine) |
5019 { | 5019 { |
5020 bool allowedByHash = contentSecurityPolicy()->experimentalFeaturesEnabled()
&& contentSecurityPolicy()->allowScriptWithHash(listener->code()); | 5020 if (!ContentSecurityPolicy::shouldBypassMainWorld(this) && !contentSecurityP
olicy()->allowInlineEventHandler(listener->code(), contextURL, contextLine)) |
5021 if (!ContentSecurityPolicy::shouldBypassMainWorld(this) && !allowedByHash &&
!contentSecurityPolicy()->allowInlineEventHandlers(contextURL, contextLine)) | |
5022 return false; | 5021 return false; |
5023 | 5022 |
5024 // HTML says that inline script needs browsing context to create its executi
on environment. | 5023 // HTML says that inline script needs browsing context to create its executi
on environment. |
5025 // http://www.whatwg.org/specs/web-apps/current-work/multipage/webappapis.ht
ml#event-handler-attributes | 5024 // http://www.whatwg.org/specs/web-apps/current-work/multipage/webappapis.ht
ml#event-handler-attributes |
5026 // Also, if the listening node came from other document, which happens on co
ntext-less event dispatching, | 5025 // Also, if the listening node came from other document, which happens on co
ntext-less event dispatching, |
5027 // we also need to ask the owner document of the node. | 5026 // we also need to ask the owner document of the node. |
5028 LocalFrame* frame = executingFrame(); | 5027 LocalFrame* frame = executingFrame(); |
5029 if (!frame) | 5028 if (!frame) |
5030 return false; | 5029 return false; |
5031 if (!frame->script().canExecuteScripts(NotAboutToExecuteScript)) | 5030 if (!frame->script().canExecuteScripts(NotAboutToExecuteScript)) |
5032 return false; | 5031 return false; |
5033 if (node && node->document() != this && !node->document().allowInlineEventHa
ndlers(node, listener, contextURL, contextLine)) | 5032 if (node && node->document() != this && !node->document().allowInlineEventHa
ndler(node, listener, contextURL, contextLine)) |
5034 return false; | 5033 return false; |
5035 | 5034 |
5036 return true; | 5035 return true; |
5037 } | 5036 } |
5038 | 5037 |
5039 bool Document::allowExecutingScripts(Node* node) | 5038 bool Document::allowExecutingScripts(Node* node) |
5040 { | 5039 { |
5041 // FIXME: Eventually we'd like to evaluate scripts which are inserted into a | 5040 // FIXME: Eventually we'd like to evaluate scripts which are inserted into a |
5042 // viewless document but this'll do for now. | 5041 // viewless document but this'll do for now. |
5043 // See http://bugs.webkit.org/show_bug.cgi?id=5727 | 5042 // See http://bugs.webkit.org/show_bug.cgi?id=5727 |
(...skipping 908 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
5952 #ifndef NDEBUG | 5951 #ifndef NDEBUG |
5953 using namespace blink; | 5952 using namespace blink; |
5954 void showLiveDocumentInstances() | 5953 void showLiveDocumentInstances() |
5955 { | 5954 { |
5956 Document::WeakDocumentSet& set = Document::liveDocumentSet(); | 5955 Document::WeakDocumentSet& set = Document::liveDocumentSet(); |
5957 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); | 5956 fprintf(stderr, "There are %u documents currently alive:\n", set.size()); |
5958 for (Document* document : set) | 5957 for (Document* document : set) |
5959 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().get
String().utf8().data()); | 5958 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().get
String().utf8().data()); |
5960 } | 5959 } |
5961 #endif | 5960 #endif |
OLD | NEW |