OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2011 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 313 matching lines...)
324 return; | 324 return; |
325 } | 325 } |
326 | 326 |
327 if (!isPortAllowedForScheme(m_url)) { | 327 if (!isPortAllowedForScheme(m_url)) { |
328 m_state = kClosed; | 328 m_state = kClosed; |
329 exceptionState.throwSecurityError( | 329 exceptionState.throwSecurityError( |
330 "The port " + String::number(m_url.port()) + " is not allowed."); | 330 "The port " + String::number(m_url.port()) + " is not allowed."); |
331 return; | 331 return; |
332 } | 332 } |
333 | 333 |
334 // FIXME: Convert this to check the isolated world's Content Security Policy | |
335 // once webkit.org/b/104520 is solved. | |
tyoshino (SeeGerritForStatus)
2016/10/27 14:16:35
is it fine to remove this? We still have the same
Mike West
2016/10/27 14:20:25
Since it seems like the extensions team has entire
tyoshino (SeeGerritForStatus)
2016/10/27 14:22:13
OK
| |
336 if (!ContentSecurityPolicy::shouldBypassMainWorld(getExecutionContext()) && | 334 if (!ContentSecurityPolicy::shouldBypassMainWorld(getExecutionContext()) && |
337 !getExecutionContext()->contentSecurityPolicy()->allowConnectToSource( | 335 !getExecutionContext()->contentSecurityPolicy()->allowConnectToSource( |
338 m_url)) { | 336 m_url)) { |
339 m_state = kClosed; | 337 m_state = kClosed; |
340 // The URL is safe to expose to JavaScript, as this check happens | 338 |
341 // synchronously before redirection. | 339 // Delay the event dispatch until after the current task by suspending and |
342 exceptionState.throwSecurityError( | 340 // resuming the queue. If we don't do this, the event is fired synchronously |
343 "Refused to connect to '" + m_url.elidedString() + | 341 // with the constructor, meaning that it's impossible to listen for. |
344 "' because it violates the document's Content Security Policy."); | 342 m_eventQueue->suspend(); |
343 m_eventQueue->dispatch(Event::create(EventTypeNames::error)); | |
344 m_eventQueue->resume(); | |
345 return; | 345 return; |
346 } | 346 } |
347 | 347 |
348 // Fail if not all elements in |protocols| are valid. | 348 // Fail if not all elements in |protocols| are valid. |
349 for (size_t i = 0; i < protocols.size(); ++i) { | 349 for (size_t i = 0; i < protocols.size(); ++i) { |
350 if (!isValidSubprotocolString(protocols[i])) { | 350 if (!isValidSubprotocolString(protocols[i])) { |
351 m_state = kClosed; | 351 m_state = kClosed; |
352 exceptionState.throwDOMException( | 352 exceptionState.throwDOMException( |
353 SyntaxError, "The subprotocol '" + | 353 SyntaxError, "The subprotocol '" + |
354 encodeSubprotocolString(protocols[i]) + | 354 encodeSubprotocolString(protocols[i]) + |
(...skipping 505 matching lines...)
860 | 860 |
861 DEFINE_TRACE(DOMWebSocket) { | 861 DEFINE_TRACE(DOMWebSocket) { |
862 visitor->trace(m_channel); | 862 visitor->trace(m_channel); |
863 visitor->trace(m_eventQueue); | 863 visitor->trace(m_eventQueue); |
864 WebSocketChannelClient::trace(visitor); | 864 WebSocketChannelClient::trace(visitor); |
865 EventTargetWithInlineData::trace(visitor); | 865 EventTargetWithInlineData::trace(visitor); |
866 ActiveDOMObject::trace(visitor); | 866 ActiveDOMObject::trace(visitor); |
867 } | 867 } |
868 | 868 |
869 } // namespace blink | 869 } // namespace blink |
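Review bot: In the Content Security Policy branch (new lines 337-345) only an `error` event is queued after `m_state = kClosed` and no `close` event follows, so script that does its cleanup or reconnect handling in `onclose` is never told that this socket failed. Consider queueing the close event inside the same suspended section, before `resume()`, e.g. `m_eventQueue->dispatch(CloseEvent::create(false, WebSocketChannel::CloseEventCodeAbnormalClosure, String()));`, which would presumably also make a policy-blocked connection look the same to the page as any other failed connection. The new comment explains the suspend/resume trick but not why the SecurityError and its message were dropped; a line such as `// Report a CSP block as an ordinary connection failure instead of throwing a SecurityError that names the URL.` would record that, if it is the intent. The enclosing function starts and ends outside the visible lines, so this assumes no other path dispatches `close` for this case.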