Index: third_party/WebKit/Source/core/dom/Document.cpp |
diff --git a/third_party/WebKit/Source/core/dom/Document.cpp b/third_party/WebKit/Source/core/dom/Document.cpp |
index 07eebddf33c3a85c0f39b62889e77d5e5184f5b0..7fefea601a9263fa0168c65fd3cd9e5a4ee6a012 100644 |
--- a/third_party/WebKit/Source/core/dom/Document.cpp |
+++ b/third_party/WebKit/Source/core/dom/Document.cpp |
@@ -5015,10 +5015,9 @@ bool Document::isSecureTransitionTo(const KURL& url) const |
return getSecurityOrigin()->canAccess(other.get()); |
} |
-bool Document::allowInlineEventHandlers(Node* node, EventListener* listener, const String& contextURL, const WTF::OrdinalNumber& contextLine) |
+bool Document::allowInlineEventHandler(Node* node, EventListener* listener, const String& contextURL, const WTF::OrdinalNumber& contextLine) |
{ |
- bool allowedByHash = contentSecurityPolicy()->experimentalFeaturesEnabled() && contentSecurityPolicy()->allowScriptWithHash(listener->code()); |
- if (!ContentSecurityPolicy::shouldBypassMainWorld(this) && !allowedByHash && !contentSecurityPolicy()->allowInlineEventHandlers(contextURL, contextLine)) |
+ if (!ContentSecurityPolicy::shouldBypassMainWorld(this) && !contentSecurityPolicy()->allowInlineEventHandler(listener->code(), contextURL, contextLine)) |
return false; |
// HTML says that inline script needs browsing context to create its execution environment. |
@@ -5030,7 +5029,7 @@ bool Document::allowInlineEventHandlers(Node* node, EventListener* listener, con |
return false; |
if (!frame->script().canExecuteScripts(NotAboutToExecuteScript)) |
return false; |
- if (node && node->document() != this && !node->document().allowInlineEventHandlers(node, listener, contextURL, contextLine)) |
+ if (node && node->document() != this && !node->document().allowInlineEventHandler(node, listener, contextURL, contextLine)) |
return false; |
return true; |