Index: Source/core/dom/ScriptExecutionContext.cpp |
diff --git a/Source/core/dom/ScriptExecutionContext.cpp b/Source/core/dom/ScriptExecutionContext.cpp |
index 6c0b2101c5dfe6e21e924cc2f016b092ca95ca7e..3094071d16b8382d0469a25747763ca721c83ed1 100644 |
--- a/Source/core/dom/ScriptExecutionContext.cpp |
+++ b/Source/core/dom/ScriptExecutionContext.cpp |
@@ -195,10 +195,9 @@ void ScriptExecutionContext::closeMessagePorts() { |
} |
} |
-bool ScriptExecutionContext::sanitizeScriptError(String& errorMessage, int& lineNumber, int& columnNumber, String& sourceURL, CachedScript* cachedScript) |
+bool ScriptExecutionContext::sanitizeScriptError(String& errorMessage, int& lineNumber, int& columnNumber, String& sourceURL) |
{ |
- KURL targetURL = completeURL(sourceURL); |
- if (securityOrigin()->canRequest(targetURL) || (cachedScript && cachedScript->passesAccessControlCheck(securityOrigin()))) |
+ if (scriptPassedAccessControlCheck(completeURL(sourceURL))) |
return false; |
errorMessage = "Script error."; |
sourceURL = String(); |
@@ -207,7 +206,7 @@ bool ScriptExecutionContext::sanitizeScriptError(String& errorMessage, int& line |
return true; |
} |
-void ScriptExecutionContext::reportException(const String& errorMessage, int lineNumber, int columnNumber, const String& sourceURL, PassRefPtr<ScriptCallStack> callStack, CachedScript* cachedScript) |
+void ScriptExecutionContext::reportException(const String& errorMessage, int lineNumber, int columnNumber, const String& sourceURL, PassRefPtr<ScriptCallStack> callStack) |
{ |
if (m_inDispatchErrorEvent) { |
if (!m_pendingExceptions) |
@@ -217,7 +216,7 @@ void ScriptExecutionContext::reportException(const String& errorMessage, int lin |
} |
// First report the original exception and only then all the nested ones. |
- if (!dispatchErrorEvent(errorMessage, lineNumber, columnNumber, sourceURL, cachedScript)) |
+ if (!dispatchErrorEvent(errorMessage, lineNumber, columnNumber, sourceURL)) |
logExceptionToConsole(errorMessage, sourceURL, lineNumber, columnNumber, callStack); |
if (!m_pendingExceptions) |
@@ -235,7 +234,7 @@ void ScriptExecutionContext::addConsoleMessage(MessageSource source, MessageLeve |
addMessage(source, level, message, sourceURL, lineNumber, 0, state, requestIdentifier); |
} |
-bool ScriptExecutionContext::dispatchErrorEvent(const String& errorMessage, int lineNumber, int columnNumber, const String& sourceURL, CachedScript* cachedScript) |
+bool ScriptExecutionContext::dispatchErrorEvent(const String& errorMessage, int lineNumber, int columnNumber, const String& sourceURL) |
{ |
EventTarget* target = errorEventTarget(); |
if (!target) |
@@ -245,7 +244,7 @@ bool ScriptExecutionContext::dispatchErrorEvent(const String& errorMessage, int |
int line = lineNumber; |
int column = columnNumber; |
String sourceName = sourceURL; |
- sanitizeScriptError(message, line, column, sourceName, cachedScript); |
+ sanitizeScriptError(message, line, column, sourceName); |
ASSERT(!m_inDispatchErrorEvent); |
m_inDispatchErrorEvent = true; |
@@ -329,4 +328,14 @@ void ScriptExecutionContext::setDatabaseContext(DatabaseContext* databaseContext |
m_databaseContext = databaseContext; |
} |
+void ScriptExecutionContext::didLoadScriptThatPassedAccessControlCheck(const KURL& url) |
+{ |
+ m_scriptsPassingAccessControlCheck.add(url.string().impl()->hash()); |
+} |
+ |
+bool ScriptExecutionContext::scriptPassedAccessControlCheck(const KURL& url) const |
+{ |
+ return securityOrigin()->canRequest(url) || m_scriptsPassingAccessControlCheck.contains(url.string().impl()->hash()); |
abarth-chromium
2013/07/25 18:19:16
not lgtm
This is insecure. String::hash isn't a
|
+} |
+ |
} // namespace WebCore |