OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. | 2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. |
3 * Copyright (C) 2012 Google Inc. All Rights Reserved. | 3 * Copyright (C) 2012 Google Inc. All Rights Reserved. |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
(...skipping 177 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
188 } | 188 } |
189 | 189 |
190 void ScriptExecutionContext::closeMessagePorts() { | 190 void ScriptExecutionContext::closeMessagePorts() { |
191 HashSet<MessagePort*>::iterator messagePortsEnd = m_messagePorts.end(); | 191 HashSet<MessagePort*>::iterator messagePortsEnd = m_messagePorts.end(); |
192 for (HashSet<MessagePort*>::iterator iter = m_messagePorts.begin(); iter != messagePortsEnd; ++iter) { | 192 for (HashSet<MessagePort*>::iterator iter = m_messagePorts.begin(); iter != messagePortsEnd; ++iter) { |
193 ASSERT((*iter)->scriptExecutionContext() == this); | 193 ASSERT((*iter)->scriptExecutionContext() == this); |
194 (*iter)->close(); | 194 (*iter)->close(); |
195 } | 195 } |
196 } | 196 } |
197 | 197 |
198 bool ScriptExecutionContext::sanitizeScriptError(String& errorMessage, int& line Number, int& columnNumber, String& sourceURL, CachedScript* cachedScript) | 198 bool ScriptExecutionContext::sanitizeScriptError(String& errorMessage, int& line Number, int& columnNumber, String& sourceURL) |
199 { | 199 { |
200 KURL targetURL = completeURL(sourceURL); | 200 if (scriptPassedAccessControlCheck(completeURL(sourceURL))) |
201 if (securityOrigin()->canRequest(targetURL) || (cachedScript && cachedScript ->passesAccessControlCheck(securityOrigin()))) | |
202 return false; | 201 return false; |
203 errorMessage = "Script error."; | 202 errorMessage = "Script error."; |
204 sourceURL = String(); | 203 sourceURL = String(); |
205 lineNumber = 0; | 204 lineNumber = 0; |
206 columnNumber = 0; | 205 columnNumber = 0; |
207 return true; | 206 return true; |
208 } | 207 } |
209 | 208 |
210 void ScriptExecutionContext::reportException(const String& errorMessage, int lin eNumber, int columnNumber, const String& sourceURL, PassRefPtr<ScriptCallStack> callStack, CachedScript* cachedScript) | 209 void ScriptExecutionContext::reportException(const String& errorMessage, int lin eNumber, int columnNumber, const String& sourceURL, PassRefPtr<ScriptCallStack> callStack) |
211 { | 210 { |
212 if (m_inDispatchErrorEvent) { | 211 if (m_inDispatchErrorEvent) { |
213 if (!m_pendingExceptions) | 212 if (!m_pendingExceptions) |
214 m_pendingExceptions = adoptPtr(new Vector<OwnPtr<PendingException> > ()); | 213 m_pendingExceptions = adoptPtr(new Vector<OwnPtr<PendingException> > ()); |
215 m_pendingExceptions->append(adoptPtr(new PendingException(errorMessage, lineNumber, columnNumber, sourceURL, callStack))); | 214 m_pendingExceptions->append(adoptPtr(new PendingException(errorMessage, lineNumber, columnNumber, sourceURL, callStack))); |
216 return; | 215 return; |
217 } | 216 } |
218 | 217 |
219 // First report the original exception and only then all the nested ones. | 218 // First report the original exception and only then all the nested ones. |
220 if (!dispatchErrorEvent(errorMessage, lineNumber, columnNumber, sourceURL, c achedScript)) | 219 if (!dispatchErrorEvent(errorMessage, lineNumber, columnNumber, sourceURL)) |
221 logExceptionToConsole(errorMessage, sourceURL, lineNumber, columnNumber, callStack); | 220 logExceptionToConsole(errorMessage, sourceURL, lineNumber, columnNumber, callStack); |
222 | 221 |
223 if (!m_pendingExceptions) | 222 if (!m_pendingExceptions) |
224 return; | 223 return; |
225 | 224 |
226 for (size_t i = 0; i < m_pendingExceptions->size(); i++) { | 225 for (size_t i = 0; i < m_pendingExceptions->size(); i++) { |
227 PendingException* e = m_pendingExceptions->at(i).get(); | 226 PendingException* e = m_pendingExceptions->at(i).get(); |
228 logExceptionToConsole(e->m_errorMessage, e->m_sourceURL, e->m_lineNumber , e->m_columnNumber, e->m_callStack); | 227 logExceptionToConsole(e->m_errorMessage, e->m_sourceURL, e->m_lineNumber , e->m_columnNumber, e->m_callStack); |
229 } | 228 } |
230 m_pendingExceptions.clear(); | 229 m_pendingExceptions.clear(); |
231 } | 230 } |
232 | 231 |
233 void ScriptExecutionContext::addConsoleMessage(MessageSource source, MessageLeve l level, const String& message, const String& sourceURL, unsigned lineNumber, Sc riptState* state, unsigned long requestIdentifier) | 232 void ScriptExecutionContext::addConsoleMessage(MessageSource source, MessageLeve l level, const String& message, const String& sourceURL, unsigned lineNumber, Sc riptState* state, unsigned long requestIdentifier) |
234 { | 233 { |
235 addMessage(source, level, message, sourceURL, lineNumber, 0, state, requestI dentifier); | 234 addMessage(source, level, message, sourceURL, lineNumber, 0, state, requestI dentifier); |
236 } | 235 } |
237 | 236 |
238 bool ScriptExecutionContext::dispatchErrorEvent(const String& errorMessage, int lineNumber, int columnNumber, const String& sourceURL, CachedScript* cachedScrip t) | 237 bool ScriptExecutionContext::dispatchErrorEvent(const String& errorMessage, int lineNumber, int columnNumber, const String& sourceURL) |
239 { | 238 { |
240 EventTarget* target = errorEventTarget(); | 239 EventTarget* target = errorEventTarget(); |
241 if (!target) | 240 if (!target) |
242 return false; | 241 return false; |
243 | 242 |
244 String message = errorMessage; | 243 String message = errorMessage; |
245 int line = lineNumber; | 244 int line = lineNumber; |
246 int column = columnNumber; | 245 int column = columnNumber; |
247 String sourceName = sourceURL; | 246 String sourceName = sourceURL; |
248 sanitizeScriptError(message, line, column, sourceName, cachedScript); | 247 sanitizeScriptError(message, line, column, sourceName); |
249 | 248 |
250 ASSERT(!m_inDispatchErrorEvent); | 249 ASSERT(!m_inDispatchErrorEvent); |
251 m_inDispatchErrorEvent = true; | 250 m_inDispatchErrorEvent = true; |
252 RefPtr<ErrorEvent> errorEvent = ErrorEvent::create(message, sourceName, line , column); | 251 RefPtr<ErrorEvent> errorEvent = ErrorEvent::create(message, sourceName, line , column); |
253 target->dispatchEvent(errorEvent); | 252 target->dispatchEvent(errorEvent); |
254 m_inDispatchErrorEvent = false; | 253 m_inDispatchErrorEvent = false; |
255 return errorEvent->defaultPrevented(); | 254 return errorEvent->defaultPrevented(); |
256 } | 255 } |
257 | 256 |
258 int ScriptExecutionContext::circularSequentialID() | 257 int ScriptExecutionContext::circularSequentialID() |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
322 | 321 |
323 ScriptExecutionContext::Task::~Task() | 322 ScriptExecutionContext::Task::~Task() |
324 { | 323 { |
325 } | 324 } |
326 | 325 |
327 void ScriptExecutionContext::setDatabaseContext(DatabaseContext* databaseContext ) | 326 void ScriptExecutionContext::setDatabaseContext(DatabaseContext* databaseContext ) |
328 { | 327 { |
329 m_databaseContext = databaseContext; | 328 m_databaseContext = databaseContext; |
330 } | 329 } |
331 | 330 |
331 void ScriptExecutionContext::didLoadScriptThatPassedAccessControlCheck(const KUR L& url) | |
332 { | |
333 m_scriptsPassingAccessControlCheck.add(url.string().impl()->hash()); | |
334 } | |
335 | |
336 bool ScriptExecutionContext::scriptPassedAccessControlCheck(const KURL& url) con st | |
337 { | |
338 return securityOrigin()->canRequest(url) || m_scriptsPassingAccessControlChe ck.contains(url.string().impl()->hash()); | |
abarth-chromium
2013/07/25 18:19:16
not lgtm
This is insecure. String::hash isn't a
| |
339 } | |
340 | |
332 } // namespace WebCore | 341 } // namespace WebCore |
OLD | NEW |