| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. | 2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. |
| 3 * Copyright (C) 2009, 2011 Google Inc. All Rights Reserved. | 3 * Copyright (C) 2009, 2011 Google Inc. All Rights Reserved. |
| 4 * | 4 * |
| 5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
| 6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
| 7 * are met: | 7 * are met: |
| 8 * 1. Redistributions of source code must retain the above copyright | 8 * 1. Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * 2. Redistributions in binary form must reproduce the above copyright | 10 * 2. Redistributions in binary form must reproduce the above copyright |
| (...skipping 164 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 175 ExecutionContext& executionContext = *this->getExecutionContext(); | 175 ExecutionContext& executionContext = *this->getExecutionContext(); |
| 176 | 176 |
| 177 Vector<KURL> completedURLs; | 177 Vector<KURL> completedURLs; |
| 178 for (const String& urlString : urls) { | 178 for (const String& urlString : urls) { |
| 179 const KURL& url = executionContext.completeURL(urlString); | 179 const KURL& url = executionContext.completeURL(urlString); |
| 180 if (!url.isValid()) { | 180 if (!url.isValid()) { |
| 181 exceptionState.throwDOMException( | 181 exceptionState.throwDOMException( |
| 182 SyntaxError, "The URL '" + urlString + "' is invalid."); | 182 SyntaxError, "The URL '" + urlString + "' is invalid."); |
| 183 return; | 183 return; |
| 184 } | 184 } |
| 185 if (!contentSecurityPolicy()->allowScriptFromSource(url, AtomicString(), | 185 if (!contentSecurityPolicy()->allowScriptFromSource( |
| 186 NotParserInserted)) { | 186 url, AtomicString(), IntegrityMetadataSet(), NotParserInserted)) { |
| 187 exceptionState.throwDOMException( | 187 exceptionState.throwDOMException( |
| 188 NetworkError, | 188 NetworkError, |
| 189 "The script at '" + url.elidedString() + "' failed to load."); | 189 "The script at '" + url.elidedString() + "' failed to load."); |
| 190 return; | 190 return; |
| 191 } | 191 } |
| 192 completedURLs.push_back(url); | 192 completedURLs.push_back(url); |
| 193 } | 193 } |
| 194 | 194 |
| 195 for (const KURL& completeURL : completedURLs) { | 195 for (const KURL& completeURL : completedURLs) { |
| 196 RefPtr<WorkerScriptLoader> scriptLoader(WorkerScriptLoader::create()); | 196 RefPtr<WorkerScriptLoader> scriptLoader(WorkerScriptLoader::create()); |
| (...skipping 175 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 372 visitor->trace(m_timers); | 372 visitor->trace(m_timers); |
| 373 visitor->trace(m_eventListeners); | 373 visitor->trace(m_eventListeners); |
| 374 visitor->trace(m_pendingErrorEvents); | 374 visitor->trace(m_pendingErrorEvents); |
| 375 ExecutionContext::trace(visitor); | 375 ExecutionContext::trace(visitor); |
| 376 EventTargetWithInlineData::trace(visitor); | 376 EventTargetWithInlineData::trace(visitor); |
| 377 SecurityContext::trace(visitor); | 377 SecurityContext::trace(visitor); |
| 378 Supplementable<WorkerGlobalScope>::trace(visitor); | 378 Supplementable<WorkerGlobalScope>::trace(visitor); |
| 379 } | 379 } |
| 380 | 380 |
| 381 } // namespace blink | 381 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2784753003:
CSP: Enable whitelisting of external JavaScript via hashes (Closed)
