OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2011 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 317 matching lines...)
328 return; | 328 return; |
329 } | 329 } |
330 | 330 |
331 if (!isPortAllowedForScheme(m_url)) { | 331 if (!isPortAllowedForScheme(m_url)) { |
332 m_state = kClosed; | 332 m_state = kClosed; |
333 exceptionState.throwSecurityError( | 333 exceptionState.throwSecurityError( |
334 "The port " + String::number(m_url.port()) + " is not allowed."); | 334 "The port " + String::number(m_url.port()) + " is not allowed."); |
335 return; | 335 return; |
336 } | 336 } |
337 | 337 |
338 // FIXME: Convert this to check the isolated world's Content Security Policy | |
339 // once webkit.org/b/104520 is solved. | |
340 if (!ContentSecurityPolicy::shouldBypassMainWorld(getExecutionContext()) && | 338 if (!ContentSecurityPolicy::shouldBypassMainWorld(getExecutionContext()) && |
341 !getExecutionContext()->contentSecurityPolicy()->allowConnectToSource( | 339 !getExecutionContext()->contentSecurityPolicy()->allowConnectToSource( |
342 m_url)) { | 340 m_url)) { |
343 m_state = kClosed; | 341 m_state = kClosed; |
344 // The URL is safe to expose to JavaScript, as this check happens | 342 |
345 // synchronously before redirection. | 343 // Delay the event dispatch until after the current task by suspending and |
346 exceptionState.throwSecurityError( | 344 // resuming the queue. If we don't do this, the event is fired synchronously |
347 "Refused to connect to '" + m_url.elidedString() + | 345 // with the constructor, meaning that it's impossible to listen for. |
348 "' because it violates the document's Content Security Policy."); | 346 m_eventQueue->suspend(); |
| 347 m_eventQueue->dispatch(Event::create(EventTypeNames::error)); |
| 348 m_eventQueue->resume(); |
349 return; | 349 return; |
350 } | 350 } |
351 | 351 |
352 // Fail if not all elements in |protocols| are valid. | 352 // Fail if not all elements in |protocols| are valid. |
353 for (size_t i = 0; i < protocols.size(); ++i) { | 353 for (size_t i = 0; i < protocols.size(); ++i) { |
354 if (!isValidSubprotocolString(protocols[i])) { | 354 if (!isValidSubprotocolString(protocols[i])) { |
355 m_state = kClosed; | 355 m_state = kClosed; |
356 exceptionState.throwDOMException( | 356 exceptionState.throwDOMException( |
357 SyntaxError, "The subprotocol '" + | 357 SyntaxError, "The subprotocol '" + |
358 encodeSubprotocolString(protocols[i]) + | 358 encodeSubprotocolString(protocols[i]) + |
(...skipping 505 matching lines...)
864 | 864 |
865 DEFINE_TRACE(DOMWebSocket) { | 865 DEFINE_TRACE(DOMWebSocket) { |
866 visitor->trace(m_channel); | 866 visitor->trace(m_channel); |
867 visitor->trace(m_eventQueue); | 867 visitor->trace(m_eventQueue); |
868 WebSocketChannelClient::trace(visitor); | 868 WebSocketChannelClient::trace(visitor); |
869 EventTargetWithInlineData::trace(visitor); | 869 EventTargetWithInlineData::trace(visitor); |
870 SuspendableObject::trace(visitor); | 870 SuspendableObject::trace(visitor); |
871 } | 871 } |
872 | 872 |
873 } // namespace blink | 873 } // namespace blink |
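Review bot: In the Content Security Policy branch (new lines 338-350), `m_state = kClosed` is still assigned synchronously and only an `error` event is queued, so a script can read `readyState` straight after the constructor returns and see the connection already closed, and no `close` event is visible on this path. If the aim of dropping the SecurityError is for a policy-blocked connection to look like any other failed connection, that difference remains observable, and handlers that clean up or reconnect in `onclose` would never run here. Either queue a close event after the error event inside the same suspend/resume pair, or state the intent in place, for example `// No close event is queued here; readyState is already CLOSED when the constructor returns.` The old message naming the refused URL is gone as well, so it is worth confirming that `allowConnectToSource` still reports the violation to the console, since the error event carries no detail. The enclosing function starts in the skipped lines above, so any handling outside the visible range is not covered by this note.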