OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights | 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights |
6 * reserved. | 6 * reserved. |
7 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> | 7 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> |
8 * | 8 * |
9 * This library is free software; you can redistribute it and/or | 9 * This library is free software; you can redistribute it and/or |
10 * modify it under the terms of the GNU Library General Public | 10 * modify it under the terms of the GNU Library General Public |
(...skipping 329 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
340 ResourceRequest(elementDocument->completeURL(sourceUrl)), | 340 ResourceRequest(elementDocument->completeURL(sourceUrl)), |
341 m_element->localName()); | 341 m_element->localName()); |
342 | 342 |
343 CrossOriginAttributeValue crossOrigin = crossOriginAttributeValue( | 343 CrossOriginAttributeValue crossOrigin = crossOriginAttributeValue( |
344 m_element->fastGetAttribute(HTMLNames::crossoriginAttr)); | 344 m_element->fastGetAttribute(HTMLNames::crossoriginAttr)); |
345 if (crossOrigin != CrossOriginAttributeNotSet) | 345 if (crossOrigin != CrossOriginAttributeNotSet) |
346 request.setCrossOriginAccessControl(elementDocument->getSecurityOrigin(), | 346 request.setCrossOriginAccessControl(elementDocument->getSecurityOrigin(), |
347 crossOrigin); | 347 crossOrigin); |
348 request.setCharset(scriptCharset()); | 348 request.setCharset(scriptCharset()); |
349 | 349 |
350 if (ContentSecurityPolicy::isNonceableElement(m_element.get())) { | 350 if (ContentSecurityPolicy::isNonceableElement(m_element.get())) |
351 request.setContentSecurityPolicyNonce( | 351 request.setContentSecurityPolicyNonce(client()->nonce()); |
352 m_element->fastGetAttribute(HTMLNames::nonceAttr)); | |
353 } | |
354 | 352 |
355 request.setParserDisposition(isParserInserted() ? ParserInserted | 353 request.setParserDisposition(isParserInserted() ? ParserInserted |
356 : NotParserInserted); | 354 : NotParserInserted); |
357 | 355 |
358 request.setDefer(defer); | 356 request.setDefer(defer); |
359 | 357 |
360 String integrityAttr = | 358 String integrityAttr = |
361 m_element->fastGetAttribute(HTMLNames::integrityAttr); | 359 m_element->fastGetAttribute(HTMLNames::integrityAttr); |
362 if (!integrityAttr.isEmpty()) { | 360 if (!integrityAttr.isEmpty()) { |
363 IntegrityMetadataSet metadataSet; | 361 IntegrityMetadataSet metadataSet; |
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
458 LocalFrame* frame = contextDocument->frame(); | 456 LocalFrame* frame = contextDocument->frame(); |
459 | 457 |
460 const ContentSecurityPolicy* csp = elementDocument->contentSecurityPolicy(); | 458 const ContentSecurityPolicy* csp = elementDocument->contentSecurityPolicy(); |
461 bool shouldBypassMainWorldCSP = | 459 bool shouldBypassMainWorldCSP = |
462 (frame && frame->script().shouldBypassMainWorldCSP()) || | 460 (frame && frame->script().shouldBypassMainWorldCSP()) || |
463 csp->allowScriptWithHash(sourceCode.source(), | 461 csp->allowScriptWithHash(sourceCode.source(), |
464 ContentSecurityPolicy::InlineType::Block); | 462 ContentSecurityPolicy::InlineType::Block); |
465 | 463 |
466 AtomicString nonce = | 464 AtomicString nonce = |
467 ContentSecurityPolicy::isNonceableElement(m_element.get()) | 465 ContentSecurityPolicy::isNonceableElement(m_element.get()) |
468 ? m_element->fastGetAttribute(HTMLNames::nonceAttr) | 466 ? client()->nonce() |
469 : AtomicString(); | 467 : nullAtom; |
470 if (!m_isExternalScript && | 468 if (!m_isExternalScript && |
471 (!shouldBypassMainWorldCSP && | 469 (!shouldBypassMainWorldCSP && |
472 !csp->allowInlineScript(m_element, elementDocument->url(), nonce, | 470 !csp->allowInlineScript(m_element, elementDocument->url(), nonce, |
473 m_startLineNumber, sourceCode.source()))) { | 471 m_startLineNumber, sourceCode.source()))) { |
474 return false; | 472 return false; |
475 } | 473 } |
476 | 474 |
477 if (m_isExternalScript) { | 475 if (m_isExternalScript) { |
478 ScriptResource* resource = | 476 ScriptResource* resource = |
479 m_resource ? m_resource.get() : sourceCode.resource(); | 477 m_resource ? m_resource.get() : sourceCode.resource(); |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
545 // Create a script from the script element node, using the script | 543 // Create a script from the script element node, using the script |
546 // block's source and the script block's type. | 544 // block's source and the script block's type. |
547 // Note: This is where the script is compiled and actually executed. | 545 // Note: This is where the script is compiled and actually executed. |
548 frame->script().executeScriptInMainWorld(sourceCode, accessControlStatus); | 546 frame->script().executeScriptInMainWorld(sourceCode, accessControlStatus); |
549 | 547 |
550 if (isHTMLScriptLoader(m_element) || isSVGScriptLoader(m_element)) { | 548 if (isHTMLScriptLoader(m_element) || isSVGScriptLoader(m_element)) { |
551 DCHECK(contextDocument->currentScript() == m_element); | 549 DCHECK(contextDocument->currentScript() == m_element); |
552 contextDocument->popCurrentScript(); | 550 contextDocument->popCurrentScript(); |
553 } | 551 } |
554 | 552 |
| 553 // "Number used _once_", so, clear it out after execution. |
| 554 if (RuntimeEnabledFeatures::hideNonceContentAttributeEnabled()) |
| 555 client()->clearNonce(); |
| 556 |
555 return true; | 557 return true; |
556 } | 558 } |
557 | 559 |
558 void ScriptLoader::execute() { | 560 void ScriptLoader::execute() { |
559 DCHECK(!m_willBeParserExecuted); | 561 DCHECK(!m_willBeParserExecuted); |
560 DCHECK(m_asyncExecType != ScriptRunner::None); | 562 DCHECK(m_asyncExecType != ScriptRunner::None); |
561 DCHECK(m_pendingScript->resource()); | 563 DCHECK(m_pendingScript->resource()); |
562 bool errorOccurred = false; | 564 bool errorOccurred = false; |
563 ScriptSourceCode source = m_pendingScript->getSource(KURL(), errorOccurred); | 565 ScriptSourceCode source = m_pendingScript->getSource(KURL(), errorOccurred); |
564 m_pendingScript->dispose(); | 566 m_pendingScript->dispose(); |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
647 if (isHTMLScriptLoader(element)) | 649 if (isHTMLScriptLoader(element)) |
648 return toHTMLScriptElement(element)->loader(); | 650 return toHTMLScriptElement(element)->loader(); |
649 | 651 |
650 if (isSVGScriptLoader(element)) | 652 if (isSVGScriptLoader(element)) |
651 return toSVGScriptElement(element)->loader(); | 653 return toSVGScriptElement(element)->loader(); |
652 | 654 |
653 return 0; | 655 return 0; |
654 } | 656 } |
655 | 657 |
656 } // namespace blink | 658 } // namespace blink |
OLD | NEW |