OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
4 * (C) 2000 Simon Hausmann (hausmann@kde.org) | 4 * (C) 2000 Simon Hausmann (hausmann@kde.org) |
5 * (C) 2001 Dirk Mueller (mueller@kde.org) | 5 * (C) 2001 Dirk Mueller (mueller@kde.org) |
6 * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved. | 6 * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved. |
7 * | 7 * |
8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
9 * modify it under the terms of the GNU Library General Public | 9 * modify it under the terms of the GNU Library General Public |
10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
(...skipping 14 matching lines...) Expand all Loading... |
25 | 25 |
26 #include "bindings/core/v8/ScriptController.h" | 26 #include "bindings/core/v8/ScriptController.h" |
27 #include "bindings/core/v8/ScriptEventListener.h" | 27 #include "bindings/core/v8/ScriptEventListener.h" |
28 #include "core/HTMLNames.h" | 28 #include "core/HTMLNames.h" |
29 #include "core/dom/Attribute.h" | 29 #include "core/dom/Attribute.h" |
30 #include "core/dom/Document.h" | 30 #include "core/dom/Document.h" |
31 #include "core/frame/FrameView.h" | 31 #include "core/frame/FrameView.h" |
32 #include "core/frame/LocalFrame.h" | 32 #include "core/frame/LocalFrame.h" |
33 #include "core/frame/RemoteFrame.h" | 33 #include "core/frame/RemoteFrame.h" |
34 #include "core/frame/RemoteFrameView.h" | 34 #include "core/frame/RemoteFrameView.h" |
| 35 #include "core/frame/csp/ContentSecurityPolicy.h" |
35 #include "core/html/parser/HTMLParserIdioms.h" | 36 #include "core/html/parser/HTMLParserIdioms.h" |
36 #include "core/loader/FrameLoader.h" | 37 #include "core/loader/FrameLoader.h" |
37 #include "core/loader/FrameLoaderClient.h" | 38 #include "core/loader/FrameLoaderClient.h" |
38 #include "core/page/FocusController.h" | 39 #include "core/page/FocusController.h" |
39 #include "core/page/Page.h" | 40 #include "core/page/Page.h" |
40 | 41 |
41 namespace blink { | 42 namespace blink { |
42 | 43 |
43 using namespace HTMLNames; | 44 using namespace HTMLNames; |
44 | 45 |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
77 m_URL = AtomicString(blankURL().getString()); | 78 m_URL = AtomicString(blankURL().getString()); |
78 | 79 |
79 LocalFrame* parentFrame = document().frame(); | 80 LocalFrame* parentFrame = document().frame(); |
80 if (!parentFrame) | 81 if (!parentFrame) |
81 return; | 82 return; |
82 | 83 |
83 // Support for <frame src="javascript:string"> | 84 // Support for <frame src="javascript:string"> |
84 KURL scriptURL; | 85 KURL scriptURL; |
85 KURL url = document().completeURL(m_URL); | 86 KURL url = document().completeURL(m_URL); |
86 if (protocolIsJavaScript(m_URL)) { | 87 if (protocolIsJavaScript(m_URL)) { |
87 scriptURL = url; | 88 // We'll set/execute |scriptURL| iff CSP allows us to execute inline |
| 89 // JavaScript. If CSP blocks inline JavaScript, then exit early if |
| 90 // we're trying to execute script in an existing document. If we're |
| 91 // executing JavaScript to create a new document (e.g. |
| 92 // '<iframe src="javascript:...">' then continue loading 'about:blank' |
| 93 // so that the frame is populated with something reasonable. |
| 94 if (ContentSecurityPolicy::shouldBypassMainWorld(&document()) || |
| 95 document().contentSecurityPolicy()->allowJavaScriptURLs( |
| 96 this, document().url(), OrdinalNumber::first())) { |
| 97 scriptURL = url; |
| 98 } else { |
| 99 if (contentFrame()) |
| 100 return; |
| 101 } |
| 102 |
88 url = blankURL(); | 103 url = blankURL(); |
89 } | 104 } |
90 | 105 |
91 if (!loadOrRedirectSubframe(url, m_frameName, replaceCurrentItem)) | 106 if (!loadOrRedirectSubframe(url, m_frameName, replaceCurrentItem)) |
92 return; | 107 return; |
93 if (!contentFrame() || scriptURL.isEmpty() || !contentFrame()->isLocalFrame()) | 108 if (!contentFrame() || scriptURL.isEmpty() || !contentFrame()->isLocalFrame()) |
94 return; | 109 return; |
95 if (contentFrame()->owner()->getSandboxFlags() & SandboxOrigin) | 110 if (contentFrame()->owner()->getSandboxFlags() & SandboxOrigin) |
96 return; | 111 return; |
97 toLocalFrame(contentFrame()) | 112 toLocalFrame(contentFrame()) |
(...skipping 148 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
246 m_marginWidth = marginWidth; | 261 m_marginWidth = marginWidth; |
247 frameOwnerPropertiesChanged(); | 262 frameOwnerPropertiesChanged(); |
248 } | 263 } |
249 | 264 |
250 void HTMLFrameElementBase::setMarginHeight(int marginHeight) { | 265 void HTMLFrameElementBase::setMarginHeight(int marginHeight) { |
251 m_marginHeight = marginHeight; | 266 m_marginHeight = marginHeight; |
252 frameOwnerPropertiesChanged(); | 267 frameOwnerPropertiesChanged(); |
253 } | 268 } |
254 | 269 |
255 } // namespace blink | 270 } // namespace blink |
OLD | NEW |