
Side by Side Diff: Source/core/html/HTMLObjectElement.cpp

Issue 76303002: CSP: Check <param> element values against the document's CSP before loading. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Async. Created 6 years, 11 months ago
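--- a/Source/core/html/HTMLObjectElement.cpp
+++ b/Source/core/html/HTMLObjectElement.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
 * (C) 1999 Antti Koivisto (koivisto@kde.org)
 * (C) 2000 Stefan Schimanski (1Stein@gmx.de)
 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011 Apple Inc. All rights reserved.
 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies)
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
 * License as published by the Free Software Foundation; either
@@ -263,52 +263,61 @@
 }
 
 // FIXME: This should be unified with HTMLEmbedElement::updateWidget and
 // moved down into HTMLPluginElement.cpp
 void HTMLObjectElement::updateWidgetInternal()
 {
 ASSERT(!renderEmbeddedObject()->showsUnavailablePluginIndicator());
 ASSERT(needsWidgetUpdate());
 setNeedsWidgetUpdate(false);
 // FIXME: This should ASSERT isFinishedParsingChildren() instead.
-if (!isFinishedParsingChildren())
+if (!isFinishedParsingChildren()) {
+dispatchErrorEvent();
 return;
+}
 
 // FIXME: I'm not sure it's ever possible to get into updateWidget during a
 // removal, but just in case we should avoid loading the frame to prevent
 // security bugs.
-if (!SubframeLoadingDisabler::canLoadFrame(*this))
+if (!SubframeLoadingDisabler::canLoadFrame(*this)) {
+dispatchErrorEvent();
 return;
+}
 
 String url = this->url();
 String serviceType = m_serviceType;
 
 // FIXME: These should be joined into a PluginParameters class.
 Vector<String> paramNames;
 Vector<String> paramValues;
 parametersForPlugin(paramNames, paramValues, url, serviceType);
 
 // Note: url is modified above by parametersForPlugin.
-if (!allowedToLoadFrameURL(url))
+if (!allowedToLoadFrameURL(url)) {
+dispatchErrorEvent();
 return;
+}
 
 bool fallbackContent = hasFallbackContent();
 renderEmbeddedObject()->setHasFallbackContent(fallbackContent);
 
 RefPtr<HTMLObjectElement> protect(this); // beforeload and plugin loading ca n make arbitrary DOM mutations.
 bool beforeLoadAllowedLoad = dispatchBeforeLoadEvent(url);
 if (!renderer()) // Do not load the plugin if beforeload removed this elemen t or its renderer.
 return;
 
-bool success = beforeLoadAllowedLoad && hasValidClassId() && requestObject(u rl, serviceType, paramNames, paramValues);
-if (!success && fallbackContent)
-renderFallbackContent();
+if (!beforeLoadAllowedLoad || !hasValidClassId() || !requestObject(url, serv iceType, paramNames, paramValues)) {
+if (!url.isEmpty())
+dispatchErrorEvent();
+if (fallbackContent)
+renderFallbackContent();
+}
 }
 
 bool HTMLObjectElement::rendererIsNeeded(const RenderStyle& style)
 {
 // FIXME: This check should not be needed, detached documents never render!
 if (!document().frame())
 return false;
 return HTMLPlugInElement::rendererIsNeeded(style);
 }
 
@@ -445,10 +454,10 @@
 {
 return fastHasAttribute(usemapAttr);
 }
 
 bool HTMLObjectElement::useFallbackContent() const
 {
 return HTMLPlugInElement::useFallbackContent() || m_useFallbackContent;
 }
 
 }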
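Review bot: The new `dispatchErrorEvent()` calls in the three early-return branches of `updateWidgetInternal()` run before `RefPtr<HTMLObjectElement> protect(this)` is taken, and the one under `!SubframeLoadingDisabler::canLoadFrame(*this)` sits on the path the existing comment describes as guarding against security bugs during removal. The definition of `dispatchErrorEvent()` is not in this section; if it can ever invoke the handler synchronously, page script would run inside that removal path and, in the final block, between the `renderer()` check and `renderFallbackContent()`. I would state the contract at the first call site, e.g. `// dispatchErrorEvent() only queues the event; no script runs before we return.`, and in the last block either call `renderFallbackContent()` before `dispatchErrorEvent()` or re-check `renderer()` after it. The early branches also fire the event unconditionally while the final block guards on `!url.isEmpty()`; if that asymmetry is intended it deserves a one-line comment.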
