| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
| 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
| 4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
| 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights | 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights |
| 6 * reserved. | 6 * reserved. |
| 7 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> | 7 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> |
| 8 * | 8 * |
| 9 * This library is free software; you can redistribute it and/or | 9 * This library is free software; you can redistribute it and/or |
| 10 * modify it under the terms of the GNU Library General Public | 10 * modify it under the terms of the GNU Library General Public |
| (...skipping 443 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 454 return true; | 454 return true; |
| 455 | 455 |
| 456 LocalFrame* frame = contextDocument->frame(); | 456 LocalFrame* frame = contextDocument->frame(); |
| 457 | 457 |
| 458 const ContentSecurityPolicy* csp = elementDocument->contentSecurityPolicy(); | 458 const ContentSecurityPolicy* csp = elementDocument->contentSecurityPolicy(); |
| 459 bool shouldBypassMainWorldCSP = | 459 bool shouldBypassMainWorldCSP = |
| 460 (frame && frame->script().shouldBypassMainWorldCSP()) || | 460 (frame && frame->script().shouldBypassMainWorldCSP()) || |
| 461 csp->allowScriptWithHash(sourceCode.source(), | 461 csp->allowScriptWithHash(sourceCode.source(), |
| 462 ContentSecurityPolicy::InlineType::Block); | 462 ContentSecurityPolicy::InlineType::Block); |
| 463 | 463 |
| 464 ParserDisposition parserDisposition = | |
| 465 isParserInserted() ? ParserInserted : NotParserInserted; | |
| 466 | |
| 467 AtomicString nonce = | 464 AtomicString nonce = |
| 468 ContentSecurityPolicy::isNonceableElement(m_element.get()) | 465 ContentSecurityPolicy::isNonceableElement(m_element.get()) |
| 469 ? m_element->fastGetAttribute(HTMLNames::nonceAttr) | 466 ? m_element->fastGetAttribute(HTMLNames::nonceAttr) |
| 470 : AtomicString(); | 467 : AtomicString(); |
| 471 if (!m_isExternalScript && | 468 if (!m_isExternalScript && |
| 472 (!shouldBypassMainWorldCSP && | 469 (!shouldBypassMainWorldCSP && |
| 473 !csp->allowInlineScript(elementDocument->url(), nonce, parserDisposition, | 470 !csp->allowInlineScript(m_element, elementDocument->url(), nonce, |
| 474 m_startLineNumber, sourceCode.source()))) { | 471 m_startLineNumber, sourceCode.source()))) { |
| 475 return false; | 472 return false; |
| 476 } | 473 } |
| 477 | 474 |
| 478 if (m_isExternalScript) { | 475 if (m_isExternalScript) { |
| 479 ScriptResource* resource = | 476 ScriptResource* resource = |
| 480 m_resource ? m_resource.get() : sourceCode.resource(); | 477 m_resource ? m_resource.get() : sourceCode.resource(); |
| 481 if (resource) { | 478 if (resource) { |
| 482 if (!resource->mimeTypeAllowedByNosniff()) { | 479 if (!resource->mimeTypeAllowedByNosniff()) { |
| 483 contextDocument->addConsoleMessage(ConsoleMessage::create( | 480 contextDocument->addConsoleMessage(ConsoleMessage::create( |
| (...skipping 164 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 648 if (isHTMLScriptLoader(element)) | 645 if (isHTMLScriptLoader(element)) |
| 649 return toHTMLScriptElement(element)->loader(); | 646 return toHTMLScriptElement(element)->loader(); |
| 650 | 647 |
| 651 if (isSVGScriptLoader(element)) | 648 if (isSVGScriptLoader(element)) |
| 652 return toSVGScriptElement(element)->loader(); | 649 return toSVGScriptElement(element)->loader(); |
| 653 | 650 |
| 654 return 0; | 651 return 0; |
| 655 } | 652 } |
| 656 | 653 |
| 657 } // namespace blink | 654 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2421473004:
CSP: Fire 'SecurityPolicyViolation' on the offending element. (Closed)
