| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
| 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
| 4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
| 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights | 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights |
| 6 * reserved. | 6 * reserved. |
| 7 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> | 7 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> |
| 8 * | 8 * |
| 9 * This library is free software; you can redistribute it and/or | 9 * This library is free software; you can redistribute it and/or |
| 10 * modify it under the terms of the GNU Library General Public | 10 * modify it under the terms of the GNU Library General Public |
| (...skipping 322 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 333 credentials_mode = WebURLRequest::kFetchCredentialsModeSameOrigin; | 333 credentials_mode = WebURLRequest::kFetchCredentialsModeSameOrigin; |
| 334 break; | 334 break; |
| 335 case kCrossOriginAttributeUseCredentials: | 335 case kCrossOriginAttributeUseCredentials: |
| 336 credentials_mode = WebURLRequest::kFetchCredentialsModeInclude; | 336 credentials_mode = WebURLRequest::kFetchCredentialsModeInclude; |
| 337 break; | 337 break; |
| 338 } | 338 } |
| 339 | 339 |
| 340 // 17. "If the script element has a nonce attribute, | 340 // 17. "If the script element has a nonce attribute, |
| 341 // then let cryptographic nonce be that attribute's value. | 341 // then let cryptographic nonce be that attribute's value. |
| 342 // Otherwise, let cryptographic nonce be the empty string." | 342 // Otherwise, let cryptographic nonce be the empty string." |
| 343 String nonce; | 343 String nonce = element_->GetNonceForElement(); |
| 344 if (element_->IsNonceableElement()) | |
| 345 nonce = element_->nonce(); | |
| 346 | 344 |
| 347 // 18. is handled below. | 345 // 18. is handled below. |
| 348 | 346 |
| 349 // 19. "Let parser state be "parser-inserted" | 347 // 19. "Let parser state be "parser-inserted" |
| 350 // if the script element has been flagged as "parser-inserted", | 348 // if the script element has been flagged as "parser-inserted", |
| 351 // and "not parser-inserted" otherwise." | 349 // and "not parser-inserted" otherwise." |
| 352 ParserDisposition parser_state = | 350 ParserDisposition parser_state = |
| 353 IsParserInserted() ? kParserInserted : kNotParserInserted; | 351 IsParserInserted() ? kParserInserted : kNotParserInserted; |
| 354 | 352 |
| 355 // 21. "If the element has a src content attribute, run these substeps:" | 353 // 21. "If the element has a src content attribute, run these substeps:" |
| (...skipping 465 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 821 return true; | 819 return true; |
| 822 | 820 |
| 823 if (!is_external_script_) { | 821 if (!is_external_script_) { |
| 824 const ContentSecurityPolicy* csp = | 822 const ContentSecurityPolicy* csp = |
| 825 element_document->GetContentSecurityPolicy(); | 823 element_document->GetContentSecurityPolicy(); |
| 826 bool should_bypass_main_world_csp = | 824 bool should_bypass_main_world_csp = |
| 827 (frame->GetScriptController().ShouldBypassMainWorldCSP()) || | 825 (frame->GetScriptController().ShouldBypassMainWorldCSP()) || |
| 828 csp->AllowScriptWithHash(script->InlineSourceTextForCSP(), | 826 csp->AllowScriptWithHash(script->InlineSourceTextForCSP(), |
| 829 ContentSecurityPolicy::InlineType::kBlock); | 827 ContentSecurityPolicy::InlineType::kBlock); |
| 830 | 828 |
| 831 AtomicString nonce = | 829 AtomicString nonce = element_->GetNonceForElement(); |
| 832 element_->IsNonceableElement() ? element_->nonce() : g_null_atom; | |
| 833 if (!should_bypass_main_world_csp && | 830 if (!should_bypass_main_world_csp && |
| 834 !element_->AllowInlineScriptForCSP(nonce, start_line_number_, | 831 !element_->AllowInlineScriptForCSP(nonce, start_line_number_, |
| 835 script->InlineSourceTextForCSP())) { | 832 script->InlineSourceTextForCSP())) { |
| 836 return false; | 833 return false; |
| 837 } | 834 } |
| 838 } | 835 } |
| 839 | 836 |
| 840 if (is_external_script_) { | 837 if (is_external_script_) { |
| 841 if (!script->CheckMIMETypeBeforeRunScript( | 838 if (!script->CheckMIMETypeBeforeRunScript( |
| 842 context_document, element_->GetDocument().GetSecurityOrigin())) | 839 context_document, element_->GetDocument().GetSecurityOrigin())) |
| (...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 980 // then abort these steps at this point. The script is not executed. | 977 // then abort these steps at this point. The script is not executed. |
| 981 return DeprecatedEqualIgnoringCase(event_attribute, "onload") || | 978 return DeprecatedEqualIgnoringCase(event_attribute, "onload") || |
| 982 DeprecatedEqualIgnoringCase(event_attribute, "onload()"); | 979 DeprecatedEqualIgnoringCase(event_attribute, "onload()"); |
| 983 } | 980 } |
| 984 | 981 |
| 985 String ScriptLoader::ScriptContent() const { | 982 String ScriptLoader::ScriptContent() const { |
| 986 return element_->TextFromChildren(); | 983 return element_->TextFromChildren(); |
| 987 } | 984 } |
| 988 | 985 |
| 989 } // namespace blink | 986 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2801243002:
More tweaks to <script nonce> hiding. (Closed)
