OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
4 * (C) 2000 Simon Hausmann (hausmann@kde.org) | 4 * (C) 2000 Simon Hausmann (hausmann@kde.org) |
5 * (C) 2001 Dirk Mueller (mueller@kde.org) | 5 * (C) 2001 Dirk Mueller (mueller@kde.org) |
6 * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved. | 6 * Copyright (C) 2004, 2006, 2008, 2009 Apple Inc. All rights reserved. |
7 * | 7 * |
8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
9 * modify it under the terms of the GNU Library General Public | 9 * modify it under the terms of the GNU Library General Public |
10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
50 m_scrollingMode(ScrollbarAuto), | 50 m_scrollingMode(ScrollbarAuto), |
51 m_marginWidth(-1), | 51 m_marginWidth(-1), |
52 m_marginHeight(-1) {} | 52 m_marginHeight(-1) {} |
53 | 53 |
54 bool HTMLFrameElementBase::isURLAllowed() const { | 54 bool HTMLFrameElementBase::isURLAllowed() const { |
55 if (m_URL.isEmpty()) | 55 if (m_URL.isEmpty()) |
56 return true; | 56 return true; |
57 | 57 |
58 const KURL& completeURL = document().completeURL(m_URL); | 58 const KURL& completeURL = document().completeURL(m_URL); |
59 | 59 |
60 if (contentFrame() && protocolIsJavaScript(completeURL)) { | 60 if (contentFrame() && completeURL.protocolIsJavaScript()) { |
61 // Check if the caller can execute script in the context of the content | 61 // Check if the caller can execute script in the context of the content |
62 // frame. NB: This check can be invoked without any JS on the stack for some | 62 // frame. NB: This check can be invoked without any JS on the stack for some |
63 // parser operations. In such case, we use the origin of the frame element's | 63 // parser operations. In such case, we use the origin of the frame element's |
64 // containing document as the caller context. | 64 // containing document as the caller context. |
65 v8::Isolate* isolate = toIsolate(&document()); | 65 v8::Isolate* isolate = toIsolate(&document()); |
66 LocalDOMWindow* accessingWindow = isolate->InContext() | 66 LocalDOMWindow* accessingWindow = isolate->InContext() |
67 ? currentDOMWindow(isolate) | 67 ? currentDOMWindow(isolate) |
68 : document().domWindow(); | 68 : document().domWindow(); |
69 if (!BindingSecurity::shouldAllowAccessToFrame( | 69 if (!BindingSecurity::shouldAllowAccessToFrame( |
70 accessingWindow, contentFrame(), | 70 accessingWindow, contentFrame(), |
(...skipping 15 matching lines...) Expand all Loading... |
86 if (m_URL.isEmpty()) | 86 if (m_URL.isEmpty()) |
87 m_URL = AtomicString(blankURL().getString()); | 87 m_URL = AtomicString(blankURL().getString()); |
88 | 88 |
89 LocalFrame* parentFrame = document().frame(); | 89 LocalFrame* parentFrame = document().frame(); |
90 if (!parentFrame) | 90 if (!parentFrame) |
91 return; | 91 return; |
92 | 92 |
93 // Support for <frame src="javascript:string"> | 93 // Support for <frame src="javascript:string"> |
94 KURL scriptURL; | 94 KURL scriptURL; |
95 KURL url = document().completeURL(m_URL); | 95 KURL url = document().completeURL(m_URL); |
96 if (protocolIsJavaScript(m_URL)) { | 96 if (url.protocolIsJavaScript()) { |
97 // We'll set/execute |scriptURL| iff CSP allows us to execute inline | 97 // We'll set/execute |scriptURL| iff CSP allows us to execute inline |
98 // JavaScript. If CSP blocks inline JavaScript, then exit early if | 98 // JavaScript. If CSP blocks inline JavaScript, then exit early if |
99 // we're trying to execute script in an existing document. If we're | 99 // we're trying to execute script in an existing document. If we're |
100 // executing JavaScript to create a new document (e.g. | 100 // executing JavaScript to create a new document (e.g. |
101 // '<iframe src="javascript:...">' then continue loading 'about:blank' | 101 // '<iframe src="javascript:...">' then continue loading 'about:blank' |
102 // so that the frame is populated with something reasonable. | 102 // so that the frame is populated with something reasonable. |
103 if (ContentSecurityPolicy::shouldBypassMainWorld(&document()) || | 103 if (ContentSecurityPolicy::shouldBypassMainWorld(&document()) || |
104 document().contentSecurityPolicy()->allowJavaScriptURLs( | 104 document().contentSecurityPolicy()->allowJavaScriptURLs( |
105 this, document().url(), OrdinalNumber::first())) { | 105 this, document().url(), OrdinalNumber::first())) { |
106 scriptURL = url; | 106 scriptURL = url; |
(...skipping 182 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
289 | 289 |
290 if (contentDocument()) { | 290 if (contentDocument()) { |
291 contentDocument()->willChangeFrameOwnerProperties( | 291 contentDocument()->willChangeFrameOwnerProperties( |
292 m_marginWidth, marginHeight, m_scrollingMode); | 292 m_marginWidth, marginHeight, m_scrollingMode); |
293 } | 293 } |
294 m_marginHeight = marginHeight; | 294 m_marginHeight = marginHeight; |
295 frameOwnerPropertiesChanged(); | 295 frameOwnerPropertiesChanged(); |
296 } | 296 } |
297 | 297 |
298 } // namespace blink | 298 } // namespace blink |
OLD | NEW |