| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 1999-2001 Harri Porten (porten@kde.org) | 2 * Copyright (C) 1999-2001 Harri Porten (porten@kde.org) |
| 3 * Copyright (C) 2001 Peter Kelly (pmk@post.com) | 3 * Copyright (C) 2001 Peter Kelly (pmk@post.com) |
| 4 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. | 4 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. |
| 5 * | 5 * |
| 6 * This library is free software; you can redistribute it and/or | 6 * This library is free software; you can redistribute it and/or |
| 7 * modify it under the terms of the GNU Lesser General Public | 7 * modify it under the terms of the GNU Lesser General Public |
| 8 * License as published by the Free Software Foundation; either | 8 * License as published by the Free Software Foundation; either |
| 9 * version 2 of the License, or (at your option) any later version. | 9 * version 2 of the License, or (at your option) any later version. |
| 10 * | 10 * |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 83 | 83 |
| 84 // We need to hold onto the Frame here because executing script can | 84 // We need to hold onto the Frame here because executing script can |
| 85 // destroy the frame. | 85 // destroy the frame. |
| 86 RefPtr<Frame> protector(m_frame); | 86 RefPtr<Frame> protector(m_frame); |
| 87 | 87 |
| 88 const int javascriptSchemeLength = sizeof("javascript:") - 1; | 88 const int javascriptSchemeLength = sizeof("javascript:") - 1; |
| 89 | 89 |
| 90 String decodedURL = decodeURLEscapeSequences(url.string()); | 90 String decodedURL = decodeURLEscapeSequences(url.string()); |
| 91 ScriptValue result; | 91 ScriptValue result; |
| 92 if (xssAuditor()->canEvaluateJavaScriptURL(decodedURL)) | 92 if (xssAuditor()->canEvaluateJavaScriptURL(decodedURL)) |
| 93 result = executeScript(decodedURL.substring(javascriptSchemeLength), pro
cessingUserGesture(), AllowXSS); | 93 result = executeScript(decodedURL.substring(javascriptSchemeLength), fal
se, AllowXSS); |
| 94 | 94 |
| 95 // If executing script caused this frame to be removed from the page, we | 95 // If executing script caused this frame to be removed from the page, we |
| 96 // don't want to try to replace its document! | 96 // don't want to try to replace its document! |
| 97 if (!m_frame->page()) | 97 if (!m_frame->page()) |
| 98 return true; | 98 return true; |
| 99 | 99 |
| 100 String scriptResult; | 100 String scriptResult; |
| 101 #if USE(JSC) | 101 #if USE(JSC) |
| 102 JSDOMWindowShell* shell = windowShell(mainThreadNormalWorld()); | 102 JSDOMWindowShell* shell = windowShell(mainThreadNormalWorld()); |
| 103 JSC::ExecState* exec = shell->window()->globalExec(); | 103 JSC::ExecState* exec = shell->window()->globalExec(); |
| 104 if (!result.getString(exec, scriptResult)) | 104 if (!result.getString(exec, scriptResult)) |
| 105 return true; | 105 return true; |
| 106 #else | 106 #else |
| 107 if (!result.getString(scriptResult)) | 107 if (!result.getString(scriptResult)) |
| 108 return true; | 108 return true; |
| 109 #endif | 109 #endif |
| 110 | 110 |
| 111 // FIXME: We should always replace the document, but doing so | 111 // FIXME: We should always replace the document, but doing so |
| 112 // synchronously can cause crashes: | 112 // synchronously can cause crashes: |
| 113 // http://bugs.webkit.org/show_bug.cgi?id=16782 | 113 // http://bugs.webkit.org/show_bug.cgi?id=16782 |
| 114 if (shouldReplaceDocumentIfJavaScriptURL == ReplaceDocumentIfJavaScriptURL) | 114 if (shouldReplaceDocumentIfJavaScriptURL == ReplaceDocumentIfJavaScriptURL) |
| 115 m_frame->loader()->writer()->replaceDocument(scriptResult); | 115 m_frame->loader()->writer()->replaceDocument(scriptResult); |
| 116 | 116 |
| 117 return true; | 117 return true; |
| 118 } | 118 } |
| 119 | 119 |
| 120 } // namespace WebCore | 120 } // namespace WebCore |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6482031:
Merge 77049 (Closed)
Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/648/