Index: third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp |
diff --git a/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp b/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp |
index 5168a162275426a27313b095d744f7cc1b87cfc3..c2382a5eaa807da595646b29e7f53158b2c3539b 100644 |
--- a/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp |
+++ b/third_party/WebKit/Source/core/html/HTMLFrameElementBase.cpp |
@@ -32,6 +32,7 @@ |
#include "core/frame/LocalFrame.h" |
#include "core/frame/RemoteFrame.h" |
#include "core/frame/RemoteFrameView.h" |
+#include "core/frame/csp/ContentSecurityPolicy.h" |
#include "core/html/parser/HTMLParserIdioms.h" |
#include "core/loader/FrameLoader.h" |
#include "core/loader/FrameLoaderClient.h" |
@@ -94,6 +95,11 @@ void HTMLFrameElementBase::openURL(bool replaceCurrentItem) { |
return; |
if (contentFrame()->owner()->getSandboxFlags() & SandboxOrigin) |
return; |
+ if (!ContentSecurityPolicy::shouldBypassMainWorld(&document()) && |
+ !document().contentSecurityPolicy()->allowJavaScriptURLs( |
+ this, document().url(), OrdinalNumber::first())) { |
+ return; |
+ } |
toLocalFrame(contentFrame()) |
->script() |
.executeScriptIfJavaScriptURL(scriptURL, this); |
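Review bot: The new CSP gate before `executeScriptIfJavaScriptURL` has no comment saying whose policy it enforces. It consults `document()`, the document that owns the frame element, while the script runs through `contentFrame()`, so a one-line comment would help, for example `// Enforce the embedding document's CSP before running a javascript: URL in the child frame.` The call also passes `OrdinalNumber::first()` as the line, so any violation report this check produces will presumably point at line 1 rather than at the element. If the element's source position is not available here, say so in the comment so people triaging reports know the line is a placeholder. A blocked navigation returns silently like the sandbox check above it, so a regression test that sets a frame's src to a javascript: URL under a restrictive policy is worth adding if the change does not already include one. The body of `openURL` starts and ends outside this hunk.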