Index: Source/core/dom/ScriptLoader.cpp |
diff --git a/Source/core/dom/ScriptLoader.cpp b/Source/core/dom/ScriptLoader.cpp |
index cfefea53954aafc27b1b0424aef16358fdbecc4d..ba033e6fe33e553f23cff0eb1493f7a5b02534fa 100644 |
--- a/Source/core/dom/ScriptLoader.cpp |
+++ b/Source/core/dom/ScriptLoader.cpp |
@@ -308,7 +308,11 @@ void ScriptLoader::executeScript(const ScriptSourceCode& sourceCode) |
Frame* frame = contextDocument->frame(); |
- bool shouldBypassMainWorldContentSecurityPolicy = (frame && frame->script()->shouldBypassMainWorldContentSecurityPolicy()) || elementDocument->contentSecurityPolicy()->allowScriptNonce(m_element->fastGetAttribute(HTMLNames::nonceAttr)); |
+ bool frameContentSecurityPolicyBypass = frame && frame->script()->shouldBypassMainWorldContentSecurityPolicy(); |
+ bool allowScriptNonce = elementDocument->contentSecurityPolicy()->allowScriptNonce(m_element->fastGetAttribute(HTMLNames::nonceAttr)); |
+ bool allowScriptHash = elementDocument->contentSecurityPolicy()->allowHash(sourceCode.source()); |
abarth-chromium
2013/10/17 02:28:09
We shouldn't call either of these functions if fra
jww
2013/10/18 22:58:04
I don't believe that's true. These functions don't
|
+ |
+ bool shouldBypassMainWorldContentSecurityPolicy = frameContentSecurityPolicyBypass || allowScriptNonce || allowScriptHash; |
if (!m_isExternalScript && (!shouldBypassMainWorldContentSecurityPolicy && !elementDocument->contentSecurityPolicy()->allowInlineScript(elementDocument->url(), m_startLineNumber))) |
return; |