
Side by Side Diff: third_party/WebKit/Source/core/dom/Document.cpp

Issue 2421473004: CSP: Fire 'SecurityPolicyViolation' on the offending element. (Closed)
Patch Set: Test. Created 4 years, 2 months ago
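--- a/third_party/WebKit/Source/core/dom/Document.cpp
+++ b/third_party/WebKit/Source/core/dom/Document.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
 * (C) 1999 Antti Koivisto (koivisto@kde.org)
 * (C) 2001 Dirk Mueller (mueller@kde.org)
 * (C) 2006 Alexey Proskuryakov (ap@webkit.org)
 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All
 * rights reserved.
 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved.
 * (http://www.torchmobile.com/)
 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.
@@ -5386,23 +5386,24 @@
 
 bool Document::isSecureTransitionTo(const KURL& url) const {
 RefPtr<SecurityOrigin> other = SecurityOrigin::create(url);
 return getSecurityOrigin()->canAccess(other.get());
 }
 
 bool Document::allowInlineEventHandler(Node* node,
 EventListener* listener,
 const String& contextURL,
 const WTF::OrdinalNumber& contextLine) {
+Element* element = node && node->isElementNode() ? toElement(node) : nullptr;
 if (!ContentSecurityPolicy::shouldBypassMainWorld(this) &&
 !contentSecurityPolicy()->allowInlineEventHandler(
-listener->code(), contextURL, contextLine))
+element, listener->code(), contextURL, contextLine))
 return false;
 
 // HTML says that inline script needs browsing context to create its execution
 // environment.
 // http://www.whatwg.org/specs/web-apps/current-work/multipage/webappapis.html #event-handler-attributes
 // Also, if the listening node came from other document, which happens on
 // context-less event dispatching, we also need to ask the owner document of
 // the node.
 LocalFrame* frame = executingFrame();
 if (!frame)
@@ -6400,10 +6401,10 @@
 }
 
 void showLiveDocumentInstances() {
 WeakDocumentSet& set = liveDocumentSet();
 fprintf(stderr, "There are %u documents currently alive:\n", set.size());
 for (Document* document : set)
 fprintf(stderr, "- Document %p URL: %s\n", document,
 document->url().getString().utf8().data());
 }
 #endif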
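Review bot: The `element` handed to `contentSecurityPolicy()->allowInlineEventHandler(...)` at new line 5399 is never checked to belong to this document, although the comment a few lines further down says the listening node can come from another document. The policy consulted is this document's, so a `SecurityPolicyViolation` event targeted at that element would deliver this document's violation details to a node owned by a different document unless the callee filters it, which this file section does not show. Consider clearing the target here with `if (element && element->document() != this) element = nullptr;`, or add a comment stating that the callee validates the element's owner document and accepts `nullptr` for non-element nodes. The body of `allowInlineEventHandler` continues past the visible lines, so later handling of the node is not covered by this note.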