OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv
ed. | 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv
ed. |
6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> | 6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> |
7 * | 7 * |
8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
9 * modify it under the terms of the GNU Library General Public | 9 * modify it under the terms of the GNU Library General Public |
10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
(...skipping 290 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
301 if (sourceCode.isEmpty()) | 301 if (sourceCode.isEmpty()) |
302 return; | 302 return; |
303 | 303 |
304 RefPtr<Document> elementDocument(m_element->document()); | 304 RefPtr<Document> elementDocument(m_element->document()); |
305 RefPtr<Document> contextDocument = elementDocument->contextDocument().get(); | 305 RefPtr<Document> contextDocument = elementDocument->contextDocument().get(); |
306 if (!contextDocument) | 306 if (!contextDocument) |
307 return; | 307 return; |
308 | 308 |
309 Frame* frame = contextDocument->frame(); | 309 Frame* frame = contextDocument->frame(); |
310 | 310 |
311 bool shouldBypassMainWorldContentSecurityPolicy = (frame && frame->script()-
>shouldBypassMainWorldContentSecurityPolicy()) || elementDocument->contentSecuri
tyPolicy()->allowScriptNonce(m_element->fastGetAttribute(HTMLNames::nonceAttr)); | 311 bool shouldBypassMainWorldContentSecurityPolicy = (frame && frame->script().
shouldBypassMainWorldContentSecurityPolicy()) || elementDocument->contentSecurit
yPolicy()->allowScriptNonce(m_element->fastGetAttribute(HTMLNames::nonceAttr)); |
312 | 312 |
313 if (!m_isExternalScript && (!shouldBypassMainWorldContentSecurityPolicy && !
elementDocument->contentSecurityPolicy()->allowInlineScript(elementDocument->url
(), m_startLineNumber))) | 313 if (!m_isExternalScript && (!shouldBypassMainWorldContentSecurityPolicy && !
elementDocument->contentSecurityPolicy()->allowInlineScript(elementDocument->url
(), m_startLineNumber))) |
314 return; | 314 return; |
315 | 315 |
316 if (m_isExternalScript && m_resource && !m_resource->mimeTypeAllowedByNosnif
f()) { | 316 if (m_isExternalScript && m_resource && !m_resource->mimeTypeAllowedByNosnif
f()) { |
317 contextDocument->addConsoleMessage(SecurityMessageSource, ErrorMessageLe
vel, "Refused to execute script from '" + m_resource->url().elidedString() + "'
because its MIME type ('" + m_resource->mimeType() + "') is not executable, and
strict MIME type checking is enabled."); | 317 contextDocument->addConsoleMessage(SecurityMessageSource, ErrorMessageLe
vel, "Refused to execute script from '" + m_resource->url().elidedString() + "'
because its MIME type ('" + m_resource->mimeType() + "') is not executable, and
strict MIME type checking is enabled."); |
318 return; | 318 return; |
319 } | 319 } |
320 | 320 |
321 if (frame) { | 321 if (frame) { |
322 IgnoreDestructiveWriteCountIncrementer ignoreDesctructiveWriteCountIncre
menter(m_isExternalScript ? contextDocument.get() : 0); | 322 IgnoreDestructiveWriteCountIncrementer ignoreDesctructiveWriteCountIncre
menter(m_isExternalScript ? contextDocument.get() : 0); |
323 | 323 |
324 if (isHTMLScriptLoader(m_element)) | 324 if (isHTMLScriptLoader(m_element)) |
325 contextDocument->pushCurrentScript(toHTMLScriptElement(m_element)); | 325 contextDocument->pushCurrentScript(toHTMLScriptElement(m_element)); |
326 | 326 |
327 AccessControlStatus corsCheck = NotSharableCrossOrigin; | 327 AccessControlStatus corsCheck = NotSharableCrossOrigin; |
328 if (sourceCode.resource() && sourceCode.resource()->passesAccessControlC
heck(m_element->document().securityOrigin())) | 328 if (sourceCode.resource() && sourceCode.resource()->passesAccessControlC
heck(m_element->document().securityOrigin())) |
329 corsCheck = SharableCrossOrigin; | 329 corsCheck = SharableCrossOrigin; |
330 | 330 |
331 // Create a script from the script element node, using the script | 331 // Create a script from the script element node, using the script |
332 // block's source and the script block's type. | 332 // block's source and the script block's type. |
333 // Note: This is where the script is compiled and actually executed. | 333 // Note: This is where the script is compiled and actually executed. |
334 frame->script()->executeScriptInMainWorld(sourceCode, corsCheck); | 334 frame->script().executeScriptInMainWorld(sourceCode, corsCheck); |
335 | 335 |
336 if (isHTMLScriptLoader(m_element)) { | 336 if (isHTMLScriptLoader(m_element)) { |
337 ASSERT(contextDocument->currentScript() == m_element); | 337 ASSERT(contextDocument->currentScript() == m_element); |
338 contextDocument->popCurrentScript(); | 338 contextDocument->popCurrentScript(); |
339 } | 339 } |
340 } | 340 } |
341 } | 341 } |
342 | 342 |
343 void ScriptLoader::stopLoadRequest() | 343 void ScriptLoader::stopLoadRequest() |
344 { | 344 { |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
434 if (isHTMLScriptLoader(element)) | 434 if (isHTMLScriptLoader(element)) |
435 return toHTMLScriptElement(element)->loader(); | 435 return toHTMLScriptElement(element)->loader(); |
436 | 436 |
437 if (isSVGScriptLoader(element)) | 437 if (isSVGScriptLoader(element)) |
438 return toSVGScriptElement(element)->loader(); | 438 return toSVGScriptElement(element)->loader(); |
439 | 439 |
440 return 0; | 440 return 0; |
441 } | 441 } |
442 | 442 |
443 } | 443 } |
OLD | NEW |