
Side by Side Diff: third_party/WebKit/Source/bindings/core/v8/ScriptController.cpp

Issue 2421473004: CSP: Fire 'SecurityPolicyViolation' on the offending element. (Closed)
Patch Set: Test. Created 4 years, 2 months ago
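--- a/third_party/WebKit/Source/bindings/core/v8/ScriptController.cpp
+++ b/third_party/WebKit/Source/bindings/core/v8/ScriptController.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 2008, 2009 Google Inc. All rights reserved.
 * Copyright (C) 2009 Apple Inc. All rights reserved.
 * Copyright (C) 2014 Opera Software ASA. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 * * Redistributions of source code must retain the above copyright
@@ -324,31 +324,34 @@
 return false;
 Settings* settings = frame()->settings();
 const bool allowed =
 client->allowScript(settings && settings->scriptEnabled()) ||
 isInPrivateScriptIsolateWorld(isolate());
 if (!allowed && reason == AboutToExecuteScript)
 client->didNotAllowScript();
 return allowed;
 }
 
-bool ScriptController::executeScriptIfJavaScriptURL(const KURL& url) {
+bool ScriptController::executeScriptIfJavaScriptURL(const KURL& url,
+Element* element) {
 if (!protocolIsJavaScript(url))
 return false;
 
 bool shouldBypassMainWorldContentSecurityPolicy =
 ContentSecurityPolicy::shouldBypassMainWorld(frame()->document());
 if (!frame()->page() ||
 (!shouldBypassMainWorldContentSecurityPolicy &&
 !frame()->document()->contentSecurityPolicy()->allowJavaScriptURLs(
-frame()->document()->url(), eventHandlerPosition().m_line)))
+element, frame()->document()->url(),
+eventHandlerPosition().m_line))) {
 return true;
+}
 
 bool progressNotificationsNeeded =
 frame()->loader().stateMachine()->isDisplayingInitialEmptyDocument() &&
 !frame()->isLoading();
 if (progressNotificationsNeeded)
 frame()->loader().progress().progressStarted();
 
 Document* ownerDocument = frame()->document();
 
 const int javascriptSchemeLength = sizeof("javascript:") - 1;
@@ -464,10 +467,10 @@
 for (size_t i = 0; i < resultArray->Length(); ++i) {
 v8::Local<v8::Value> value;
 if (!resultArray->Get(scriptState->context(), i).ToLocal(&value))
 return;
 results->append(value);
 }
 }
 }
 
 } // namespace blink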
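Review bot: The new `Element* element` parameter of `executeScriptIfJavaScriptURL` is forwarded straight into `allowJavaScriptURLs()` (new lines 343-345) with no stated contract, so a reader cannot tell whether it may be null or whether it must belong to the document whose policy is checked. The policy consulted is that of `frame()->document()`, while the element is supplied by the caller; if it can live in a different document (for instance a frame owner element in the parent), the violation event would fire in a document other than the one whose CSP blocked the URL, and that should be a deliberate, documented choice. I would add a comment at the definition such as `// |element| is the element that triggered the javascript: URL, or nullptr if none; a CSP violation event is dispatched on it.` and state explicitly whether the element must be in `frame()->document()`. The callers and the callee's null handling are not visible in this file section, and the function body continues into the skipped lines.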