| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
| 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
| 4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
| 5 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights | 5 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights |
| 6 * reserved. | 6 * reserved. |
| 7 * (C) 2006 Alexey Proskuryakov (ap@nypop.com) | 7 * (C) 2006 Alexey Proskuryakov (ap@nypop.com) |
| 8 * | 8 * |
| 9 * This library is free software; you can redistribute it and/or | 9 * This library is free software; you can redistribute it and/or |
| 10 * modify it under the terms of the GNU Library General Public | 10 * modify it under the terms of the GNU Library General Public |
| (...skipping 398 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 409 // FIXME: This message should be moved off the console once a solution to | 409 // FIXME: This message should be moved off the console once a solution to |
| 410 // https://bugs.webkit.org/show_bug.cgi?id=103274 exists. | 410 // https://bugs.webkit.org/show_bug.cgi?id=103274 exists. |
| 411 document().addConsoleMessage(ConsoleMessage::create( | 411 document().addConsoleMessage(ConsoleMessage::create( |
| 412 SecurityMessageSource, ErrorMessageLevel, | 412 SecurityMessageSource, ErrorMessageLevel, |
| 413 "Blocked form submission to '" + submission->action().elidedString() + | 413 "Blocked form submission to '" + submission->action().elidedString() + |
| 414 "' because the form's frame is sandboxed and the 'allow-forms' " | 414 "' because the form's frame is sandboxed and the 'allow-forms' " |
| 415 "permission is not set.")); | 415 "permission is not set.")); |
| 416 return; | 416 return; |
| 417 } | 417 } |
| 418 | 418 |
| 419 if (!document().contentSecurityPolicy()->allowFormAction( |
| 420 submission->action())) { |
| 421 return; |
| 422 } |
| 423 |
| 419 if (protocolIsJavaScript(submission->action())) { | 424 if (protocolIsJavaScript(submission->action())) { |
| 420 if (!document().contentSecurityPolicy()->allowFormAction( | |
| 421 submission->action())) | |
| 422 return; | |
| 423 document().frame()->script().executeScriptIfJavaScriptURL( | 425 document().frame()->script().executeScriptIfJavaScriptURL( |
| 424 submission->action(), this); | 426 submission->action(), this); |
| 425 return; | 427 return; |
| 426 } | 428 } |
| 427 | 429 |
| 428 Frame* targetFrame = document().frame()->findFrameForNavigation( | 430 Frame* targetFrame = document().frame()->findFrameForNavigation( |
| 429 submission->target(), *document().frame()); | 431 submission->target(), *document().frame()); |
| 430 if (!targetFrame) { | 432 if (!targetFrame) { |
| 431 if (!LocalDOMWindow::allowPopUp(*document().frame()) && | 433 if (!LocalDOMWindow::allowPopUp(*document().frame()) && |
| 432 !UserGestureIndicator::utilizeUserGesture()) | 434 !UserGestureIndicator::utilizeUserGesture()) |
| (...skipping 380 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 813 for (const auto& control : associatedElements()) { | 815 for (const auto& control : associatedElements()) { |
| 814 if (!control->isFormControlElement()) | 816 if (!control->isFormControlElement()) |
| 815 continue; | 817 continue; |
| 816 if (toHTMLFormControlElement(control)->canBeSuccessfulSubmitButton()) | 818 if (toHTMLFormControlElement(control)->canBeSuccessfulSubmitButton()) |
| 817 toHTMLFormControlElement(control)->pseudoStateChanged( | 819 toHTMLFormControlElement(control)->pseudoStateChanged( |
| 818 CSSSelector::PseudoDefault); | 820 CSSSelector::PseudoDefault); |
| 819 } | 821 } |
| 820 } | 822 } |
| 821 | 823 |
| 822 } // namespace blink | 824 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2464123004:
Enforce form-action CSP even when form.target is present. (Closed)
