OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2010 Google Inc. All rights reserved. | 2 * Copyright (C) 2010 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 29 matching lines...) Expand all Loading... |
40 | 40 |
41 AbstractWorker::AbstractWorker(ExecutionContext* context) | 41 AbstractWorker::AbstractWorker(ExecutionContext* context) |
42 : ActiveDOMObject(context) | 42 : ActiveDOMObject(context) |
43 { | 43 { |
44 } | 44 } |
45 | 45 |
46 AbstractWorker::~AbstractWorker() | 46 AbstractWorker::~AbstractWorker() |
47 { | 47 { |
48 } | 48 } |
49 | 49 |
50 KURL AbstractWorker::resolveURL(const String& url, ExceptionState& exceptionStat
e) | 50 KURL AbstractWorker::resolveURL(const String& url, ExceptionState& exceptionStat
e, WebURLRequest::RequestContext requestContext) |
51 { | 51 { |
52 // FIXME: This should use the dynamic global scope (bug #27887) | 52 // FIXME: This should use the dynamic global scope (bug #27887) |
53 KURL scriptURL = getExecutionContext()->completeURL(url); | 53 KURL scriptURL = getExecutionContext()->completeURL(url); |
54 if (!scriptURL.isValid()) { | 54 if (!scriptURL.isValid()) { |
55 exceptionState.throwDOMException(SyntaxError, "'" + url + "' is not a va
lid URL."); | 55 exceptionState.throwDOMException(SyntaxError, "'" + url + "' is not a va
lid URL."); |
56 return KURL(); | 56 return KURL(); |
57 } | 57 } |
58 | 58 |
59 // We can safely expose the URL in the following exceptions, as these checks
happen synchronously before redirection. JavaScript receives no new information
. | 59 // We can safely expose the URL in the following exceptions, as these checks
happen synchronously before redirection. JavaScript receives no new information
. |
60 if (!getExecutionContext()->getSecurityOrigin()->canRequestNoSuborigin(scrip
tURL)) { | 60 if (!getExecutionContext()->getSecurityOrigin()->canRequestNoSuborigin(scrip
tURL)) { |
61 exceptionState.throwSecurityError("Script at '" + scriptURL.elidedString
() + "' cannot be accessed from origin '" + getExecutionContext()->getSecurityOr
igin()->toString() + "'."); | 61 exceptionState.throwSecurityError("Script at '" + scriptURL.elidedString
() + "' cannot be accessed from origin '" + getExecutionContext()->getSecurityOr
igin()->toString() + "'."); |
62 return KURL(); | 62 return KURL(); |
63 } | 63 } |
64 | 64 |
65 if (getExecutionContext()->contentSecurityPolicy() && !getExecutionContext()
->contentSecurityPolicy()->allowWorkerContextFromSource(scriptURL)) { | 65 if (getExecutionContext()->contentSecurityPolicy() |
| 66 && !(getExecutionContext()->contentSecurityPolicy()->allowRequestWithout
Integrity(requestContext, scriptURL) |
| 67 && getExecutionContext()->contentSecurityPolicy()->allowWorkerContex
tFromSource(scriptURL))) { |
66 exceptionState.throwSecurityError("Access to the script at '" + scriptUR
L.elidedString() + "' is denied by the document's Content Security Policy."); | 68 exceptionState.throwSecurityError("Access to the script at '" + scriptUR
L.elidedString() + "' is denied by the document's Content Security Policy."); |
67 return KURL(); | 69 return KURL(); |
68 } | 70 } |
69 | 71 |
70 return scriptURL; | 72 return scriptURL; |
71 } | 73 } |
72 | 74 |
73 DEFINE_TRACE(AbstractWorker) | 75 DEFINE_TRACE(AbstractWorker) |
74 { | 76 { |
75 EventTargetWithInlineData::trace(visitor); | 77 EventTargetWithInlineData::trace(visitor); |
76 ActiveDOMObject::trace(visitor); | 78 ActiveDOMObject::trace(visitor); |
77 } | 79 } |
78 | 80 |
79 } // namespace blink | 81 } // namespace blink |
OLD | NEW |