Support Inline module script

third_party/WebKit/Source/core/dom/ScriptLoader.cpp

 /*
  * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
  *           (C) 1999 Antti Koivisto (koivisto@kde.org)
  *           (C) 2001 Dirk Mueller (mueller@kde.org)
  * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights
  * reserved.
  * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org>
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Library General Public
@@ skipping 302 matching lines @@
   if (!IsScriptForEventSupported())
     return false;
 
   // 14. is handled below.
 
   // 15. "Let CORS setting be the current state of the element's
   //      crossorigin content attribute."
   CrossOriginAttributeValue cross_origin =
       GetCrossOriginAttributeValue(element_->CrossOriginAttributeValue());
 
-  // 16. is handled below.
+  // 16. "Let module script credentials mode be determined by switching
+  //      on CORS setting:"
+  WebURLRequest::FetchCredentialsMode credentials_mode =
+      WebURLRequest::kFetchCredentialsModeOmit;
+  switch (cross_origin) {
+    case kCrossOriginAttributeNotSet:
+      credentials_mode = WebURLRequest::kFetchCredentialsModeOmit;
+      break;
+    case kCrossOriginAttributeAnonymous:
+      credentials_mode = WebURLRequest::kFetchCredentialsModeSameOrigin;
+      break;
+    case kCrossOriginAttributeUseCredentials:
+      credentials_mode = WebURLRequest::kFetchCredentialsModeInclude;
+      break;
+  }
 
   // 17. "If the script element has a nonce attribute,
   //      then let cryptographic nonce be that attribute's value.
   //      Otherwise, let cryptographic nonce be the empty string."
   String nonce;
   if (element_->IsNonceableElement())
     nonce = element_->nonce();
 
   // 18. is handled below.
 
@@ skipping 48 matching lines @@
       //      or if getting an encoding failed, let encoding
       //      be the same as the encoding of the script element's node
       //      document."
       // TODO(hiroshige): Should we handle failure in getting an encoding?
       String encoding;
       if (!element_->CharsetAttributeValue().IsEmpty())
         encoding = element_->CharsetAttributeValue();
       else
         encoding = element_document.characterSet();
 
-      // Step 16 is skipped because "module script credentials" is not used
-      // for classic scripts.
-
       // 18. "If the script element has an integrity attribute,
       //      then let integrity metadata be that attribute's value.
       //      Otherwise, let integrity metadata be the empty string."
       String integrity_attr = element_->IntegrityAttributeValue();
       IntegrityMetadataSet integrity_metadata;
       if (!integrity_attr.IsEmpty()) {
         SubresourceIntegrity::ParseIntegrityAttribute(
             integrity_attr, integrity_metadata, &element_document);
       }
 
       if (!FetchClassicScript(url, element_document.Fetcher(), nonce,
                               integrity_metadata, parser_state, cross_origin,
                               element_document.GetSecurityOrigin(), encoding)) {
         // TODO(hiroshige): Make this asynchronous. Currently we fire the error
         // event synchronously to keep the existing behavior.
         DispatchErrorEvent();
         return false;
       }
 
       DCHECK(resource_);
       DCHECK(!module_tree_client_);
     } else {
       // - "module":
 
       // Steps 14 and 18 are skipped because they are not used in module
       // scripts.
 
-      // 16. "Let module script credentials mode be determined by switching
-      //      on CORS setting:"
-      WebURLRequest::FetchCredentialsMode credentials_mode =
-          WebURLRequest::kFetchCredentialsModeOmit;
-      switch (cross_origin) {
-        case kCrossOriginAttributeNotSet:
-          credentials_mode = WebURLRequest::kFetchCredentialsModeOmit;
-          break;
-        case kCrossOriginAttributeAnonymous:
-          credentials_mode = WebURLRequest::kFetchCredentialsModeSameOrigin;
-          break;
-        case kCrossOriginAttributeUseCredentials:
-          credentials_mode = WebURLRequest::kFetchCredentialsModeInclude;
-          break;
-      }
-
       DCHECK(RuntimeEnabledFeatures::moduleScriptsEnabled());
       Modulator* modulator = Modulator::From(
           ToScriptStateForMainWorld(element_document.GetFrame()));
       FetchModuleScriptTree(url, modulator, nonce, parser_state,
                             credentials_mode);
 
       DCHECK(!resource_);
       DCHECK(module_tree_client_);
     }
 
@@ skipping 26 matching lines @@
     // TODO(hiroshige): Make them merged or consistent.
 
     // 22.2. "Switch on the script's type:"
     switch (GetScriptType()) {
       // - "classic":
       case ScriptType::kClassic:
         // TODO(hiroshige): Clarify how Step 22.2 is implemented for "classic".
         break;
 
       // - "module":
-      case ScriptType::kModule:
-        // TODO(hiroshige): Implement inline module scripts.
-        element_document.AddConsoleMessage(ConsoleMessage::Create(
-            kJSMessageSource, kErrorMessageLevel,
-            "Inline module script is not yet supported",
-            SourceLocation::Create(element_document.Url().GetString(),
-                                   script_start_position.line_.OneBasedInt(),
-                                   script_start_position.column_.OneBasedInt(),
-                                   nullptr)));
-        return false;
+      case ScriptType::kModule: {
+        // 1. Let base URL be the script element's node document's document
+        // base URL.
+        KURL base_url = element_document.BaseURL();
+
+        // 2. Let script be the result of creating a module script using
+        // source text, settings, base URL, cryptographic nonce, parser state,
+        // and module script credentials mode.
+        Modulator* modulator = Modulator::From(
+            ToScriptStateForMainWorld(element_document.GetFrame()));
+        ModuleScript* module_script = ModuleScript::Create(
+            ScriptContent(), modulator, base_url, nonce, parser_state,
+            credentials_mode, kSharableCrossOrigin);
+
+        // 3. If this returns null, set the script's script to null and abort
+        // these substeps; the script is ready.
+        if (!module_script)
+          return false;
+
+        // 4. Fetch the descendants of script (using an empty ancestor list).
+        // When this asynchronously completes, set the script's script to
+        // the result. At that time, the script is ready.
+        DCHECK(!module_tree_client_);
+        module_tree_client_ = ModulePendingScriptTreeClient::Create();
+        modulator->FetchDescendantsForInlineScript(module_script,
+                                                   module_tree_client_);
+        break;
+      }
     }
   }
 
   // [Intervention]
   // Since the asynchronous, low priority fetch for doc.written blocked
   // script is not for execution, return early from here. Watch for its
   // completion to be able to remove it from the memory cache.
   if (GetScriptType() == ScriptType::kClassic &&
       document_write_intervention_ ==
           DocumentWriteIntervention::kFetchDocWrittenScriptDeferIdle) {
@@ skipping 468 matching lines @@
   //     then abort these steps at this point. The script is not executed.
   return DeprecatedEqualIgnoringCase(event_attribute, "onload") ||
          DeprecatedEqualIgnoringCase(event_attribute, "onload()");
 }
 
 String ScriptLoader::ScriptContent() const {
   return element_->TextFromChildren();
 }
 
 }  // namespace blink