| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
| 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
| 4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
| 5 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights | 5 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009 Apple Inc. All rights |
| 6 * reserved. | 6 * reserved. |
| 7 * (C) 2006 Alexey Proskuryakov (ap@nypop.com) | 7 * (C) 2006 Alexey Proskuryakov (ap@nypop.com) |
| 8 * | 8 * |
| 9 * This library is free software; you can redistribute it and/or | 9 * This library is free software; you can redistribute it and/or |
| 10 * modify it under the terms of the GNU Library General Public | 10 * modify it under the terms of the GNU Library General Public |
| (...skipping 391 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 402 // FIXME: This message should be moved off the console once a solution to | 402 // FIXME: This message should be moved off the console once a solution to |
| 403 // https://bugs.webkit.org/show_bug.cgi?id=103274 exists. | 403 // https://bugs.webkit.org/show_bug.cgi?id=103274 exists. |
| 404 document().addConsoleMessage(ConsoleMessage::create( | 404 document().addConsoleMessage(ConsoleMessage::create( |
| 405 SecurityMessageSource, ErrorMessageLevel, | 405 SecurityMessageSource, ErrorMessageLevel, |
| 406 "Blocked form submission to '" + submission->action().elidedString() + | 406 "Blocked form submission to '" + submission->action().elidedString() + |
| 407 "' because the form's frame is sandboxed and the 'allow-forms' " | 407 "' because the form's frame is sandboxed and the 'allow-forms' " |
| 408 "permission is not set.")); | 408 "permission is not set.")); |
| 409 return; | 409 return; |
| 410 } | 410 } |
| 411 | 411 |
| 412 if (!document().contentSecurityPolicy()->allowFormAction( |
| 413 submission->action())) { |
| 414 return; |
| 415 } |
| 416 |
| 412 if (protocolIsJavaScript(submission->action())) { | 417 if (protocolIsJavaScript(submission->action())) { |
| 413 if (!document().contentSecurityPolicy()->allowFormAction( | |
| 414 submission->action())) | |
| 415 return; | |
| 416 document().frame()->script().executeScriptIfJavaScriptURL( | 418 document().frame()->script().executeScriptIfJavaScriptURL( |
| 417 submission->action()); | 419 submission->action()); |
| 418 return; | 420 return; |
| 419 } | 421 } |
| 420 | 422 |
| 421 Frame* targetFrame = document().frame()->findFrameForNavigation( | 423 Frame* targetFrame = document().frame()->findFrameForNavigation( |
| 422 submission->target(), *document().frame()); | 424 submission->target(), *document().frame()); |
| 423 if (!targetFrame) { | 425 if (!targetFrame) { |
| 424 if (!LocalDOMWindow::allowPopUp(*document().frame()) && | 426 if (!LocalDOMWindow::allowPopUp(*document().frame()) && |
| 425 !UserGestureIndicator::utilizeUserGesture()) | 427 !UserGestureIndicator::utilizeUserGesture()) |
| (...skipping 380 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 806 for (const auto& control : associatedElements()) { | 808 for (const auto& control : associatedElements()) { |
| 807 if (!control->isFormControlElement()) | 809 if (!control->isFormControlElement()) |
| 808 continue; | 810 continue; |
| 809 if (toHTMLFormControlElement(control)->canBeSuccessfulSubmitButton()) | 811 if (toHTMLFormControlElement(control)->canBeSuccessfulSubmitButton()) |
| 810 toHTMLFormControlElement(control)->pseudoStateChanged( | 812 toHTMLFormControlElement(control)->pseudoStateChanged( |
| 811 CSSSelector::PseudoDefault); | 813 CSSSelector::PseudoDefault); |
| 812 } | 814 } |
| 813 } | 815 } |
| 814 | 816 |
| 815 } // namespace blink | 817 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2487973004:
Enforce form-action CSP even when form.target is present. (Closed)
