| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
| 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
| 4 * (C) 2000 Simon Hausmann (hausmann@kde.org) | 4 * (C) 2000 Simon Hausmann (hausmann@kde.org) |
| 5 * (C) 2001 Dirk Mueller (mueller@kde.org) | 5 * (C) 2001 Dirk Mueller (mueller@kde.org) |
| 6 * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved. | 6 * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved. |
| 7 * | 7 * |
| 8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
| 9 * modify it under the terms of the GNU Library General Public | 9 * modify it under the terms of the GNU Library General Public |
| 10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 50 m_scrollingMode(ScrollbarAuto), | 50 m_scrollingMode(ScrollbarAuto), |
| 51 m_marginWidth(-1), | 51 m_marginWidth(-1), |
| 52 m_marginHeight(-1) {} | 52 m_marginHeight(-1) {} |
| 53 | 53 |
| 54 bool HTMLFrameElementBase::isURLAllowed() const { | 54 bool HTMLFrameElementBase::isURLAllowed() const { |
| 55 if (m_URL.isEmpty()) | 55 if (m_URL.isEmpty()) |
| 56 return true; | 56 return true; |
| 57 | 57 |
| 58 const KURL& completeURL = document().completeURL(m_URL); | 58 const KURL& completeURL = document().completeURL(m_URL); |
| 59 | 59 |
| 60 if (contentFrame() && protocolIsJavaScript(completeURL)) { | 60 if (contentFrame() && completeURL.protocolIsJavaScript()) { |
| 61 // Check if the caller can execute script in the context of the content | 61 // Check if the caller can execute script in the context of the content |
| 62 // frame. NB: This check can be invoked without any JS on the stack for some | 62 // frame. NB: This check can be invoked without any JS on the stack for some |
| 63 // parser operations. In such case, we use the origin of the frame element's | 63 // parser operations. In such case, we use the origin of the frame element's |
| 64 // containing document as the caller context. | 64 // containing document as the caller context. |
| 65 v8::Isolate* isolate = toIsolate(&document()); | 65 v8::Isolate* isolate = toIsolate(&document()); |
| 66 LocalDOMWindow* accessingWindow = isolate->InContext() | 66 LocalDOMWindow* accessingWindow = isolate->InContext() |
| 67 ? currentDOMWindow(isolate) | 67 ? currentDOMWindow(isolate) |
| 68 : document().domWindow(); | 68 : document().domWindow(); |
| 69 if (!BindingSecurity::shouldAllowAccessToFrame( | 69 if (!BindingSecurity::shouldAllowAccessToFrame( |
| 70 accessingWindow, contentFrame(), | 70 accessingWindow, contentFrame(), |
| (...skipping 15 matching lines...) Expand all Loading... |
| 86 if (m_URL.isEmpty()) | 86 if (m_URL.isEmpty()) |
| 87 m_URL = AtomicString(blankURL().getString()); | 87 m_URL = AtomicString(blankURL().getString()); |
| 88 | 88 |
| 89 LocalFrame* parentFrame = document().frame(); | 89 LocalFrame* parentFrame = document().frame(); |
| 90 if (!parentFrame) | 90 if (!parentFrame) |
| 91 return; | 91 return; |
| 92 | 92 |
| 93 // Support for <frame src="javascript:string"> | 93 // Support for <frame src="javascript:string"> |
| 94 KURL scriptURL; | 94 KURL scriptURL; |
| 95 KURL url = document().completeURL(m_URL); | 95 KURL url = document().completeURL(m_URL); |
| 96 if (protocolIsJavaScript(m_URL)) { | 96 if (url.protocolIsJavaScript()) { |
| 97 // We'll set/execute |scriptURL| iff CSP allows us to execute inline | 97 // We'll set/execute |scriptURL| iff CSP allows us to execute inline |
| 98 // JavaScript. If CSP blocks inline JavaScript, then exit early if | 98 // JavaScript. If CSP blocks inline JavaScript, then exit early if |
| 99 // we're trying to execute script in an existing document. If we're | 99 // we're trying to execute script in an existing document. If we're |
| 100 // executing JavaScript to create a new document (e.g. | 100 // executing JavaScript to create a new document (e.g. |
| 101 // '<iframe src="javascript:...">' then continue loading 'about:blank' | 101 // '<iframe src="javascript:...">' then continue loading 'about:blank' |
| 102 // so that the frame is populated with something reasonable. | 102 // so that the frame is populated with something reasonable. |
| 103 if (ContentSecurityPolicy::shouldBypassMainWorld(&document()) || | 103 if (ContentSecurityPolicy::shouldBypassMainWorld(&document()) || |
| 104 document().contentSecurityPolicy()->allowJavaScriptURLs( | 104 document().contentSecurityPolicy()->allowJavaScriptURLs( |
| 105 this, document().url(), OrdinalNumber::first())) { | 105 this, document().url(), OrdinalNumber::first())) { |
| 106 scriptURL = url; | 106 scriptURL = url; |
| (...skipping 182 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 289 | 289 |
| 290 if (contentDocument()) { | 290 if (contentDocument()) { |
| 291 contentDocument()->willChangeFrameOwnerProperties( | 291 contentDocument()->willChangeFrameOwnerProperties( |
| 292 m_marginWidth, marginHeight, m_scrollingMode); | 292 m_marginWidth, marginHeight, m_scrollingMode); |
| 293 } | 293 } |
| 294 m_marginHeight = marginHeight; | 294 m_marginHeight = marginHeight; |
| 295 frameOwnerPropertiesChanged(); | 295 frameOwnerPropertiesChanged(); |
| 296 } | 296 } |
| 297 | 297 |
| 298 } // namespace blink | 298 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2644633006:
Add KURL::protocolIsJavascript member function (Closed)
