Source/core/html/HTMLImportsController.cpp - Issue 47923008: Block execution of failed 'crossorigin' <script>s.

Side by Side Diff: Source/core/html/HTMLImportsController.cpp

Issue 47923008: Block execution of failed 'crossorigin' <script>s. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Patch Set: Remove RequestOriginPolicy + suggested improvements Created 7 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 2013 Google Inc. All rights reserved.	2 * Copyright (C) 2013 Google Inc. All rights reserved.

3 *	3 *

4 * Redistribution and use in source and binary forms, with or without	4 * Redistribution and use in source and binary forms, with or without

5 * modification, are permitted provided that the following conditions are	5 * modification, are permitted provided that the following conditions are

6 * met:	6 * met:

7 *	7 *

8 * * Redistributions of source code must retain the above copyright	8 * * Redistributions of source code must retain the above copyright

9 * notice, this list of conditions and the following disclaimer.	9 * notice, this list of conditions and the following disclaimer.

10 * * Redistributions in binary form must reproduce the above	10 * * Redistributions in binary form must reproduce the above

(...skipping 55 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
66 m_master = 0;	66 m_master = 0;

67 }	67 }

68	68

69 PassRefPtr<HTMLImportLoader> HTMLImportsController::createLoader(HTMLImport* par ent, FetchRequest request)	69 PassRefPtr<HTMLImportLoader> HTMLImportsController::createLoader(HTMLImport* par ent, FetchRequest request)

70 {	70 {

71 ASSERT(!request.url().isEmpty() && request.url().isValid());	71 ASSERT(!request.url().isEmpty() && request.url().isValid());

72	72

73 if (RefPtr<HTMLImportLoader> found = findLinkFor(request.url()))	73 if (RefPtr<HTMLImportLoader> found = findLinkFor(request.url()))

74 return found.release();	74 return found.release();

75	75

76 request.setPotentiallyCrossOriginEnabled(securityOrigin(), DoNotAllowStoredC redentials);	76 request.setCrossOriginAccessControl(securityOrigin(), DoNotAllowStoredCreden tials);

77 ResourcePtr<RawResource> resource = parent->document()->fetcher()->fetchImpo rt(request);	77 ResourcePtr<RawResource> resource = parent->document()->fetcher()->fetchImpo rt(request);

78 if (!resource)	78 if (!resource)

79 return 0;	79 return 0;

80	80

81 RefPtr<HTMLImportLoader> loader = adoptRef(new HTMLImportLoader(parent, requ est.url()));	81 RefPtr<HTMLImportLoader> loader = adoptRef(new HTMLImportLoader(parent, requ est.url()));

82 parent->appendChild(loader.get());	82 parent->appendChild(loader.get());

83 m_imports.append(loader);	83 m_imports.append(loader);

84	84

85 // We set resource after the import tree is built since	85 // We set resource after the import tree is built since

86 // Resource::addClient() immediately calls back to feed the bytes when the r esource is cached.	86 // Resource::addClient() immediately calls back to feed the bytes when the r esource is cached.

(...skipping 70 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
157	157

158 void HTMLImportsController::unblockTimerFired(Timer<HTMLImportsController>*)	158 void HTMLImportsController::unblockTimerFired(Timer<HTMLImportsController>*)

159 {	159 {

160 do {	160 do {

161 m_unblockTimer.stop();	161 m_unblockTimer.stop();

162 HTMLImport::unblock(this);	162 HTMLImport::unblock(this);

163 } while (m_unblockTimer.isActive());	163 } while (m_unblockTimer.isActive());

164 }	164 }

165	165

166 } // namespace WebCore	166 } // namespace WebCore

OLD	NEW

« Source/core/fetch/ResourceFetcher.h ('K') | « Source/core/html/HTMLImportLoader.cpp ('k') | Source/core/html/parser/HTMLScriptRunner.cpp » ('j') | no next file with comments »