OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2011 Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 279 matching lines...)
290 exceptionState.throwDOMException(SyntaxError, "The URL contains a fragme
nt identifier ('" + m_url.fragmentIdentifier() + "'). Fragment identifiers are n
ot allowed in WebSocket URLs."); | 290 exceptionState.throwDOMException(SyntaxError, "The URL contains a fragme
nt identifier ('" + m_url.fragmentIdentifier() + "'). Fragment identifiers are n
ot allowed in WebSocket URLs."); |
291 return; | 291 return; |
292 } | 292 } |
293 if (!portAllowed(m_url)) { | 293 if (!portAllowed(m_url)) { |
294 m_state = CLOSED; | 294 m_state = CLOSED; |
295 exceptionState.throwSecurityError("The port " + String::number(m_url.por
t()) + " is not allowed."); | 295 exceptionState.throwSecurityError("The port " + String::number(m_url.por
t()) + " is not allowed."); |
296 return; | 296 return; |
297 } | 297 } |
298 | 298 |
299 // FIXME: Convert this to check the isolated world's Content Security Policy
once webkit.org/b/104520 is solved. | 299 // FIXME: Convert this to check the isolated world's Content Security Policy
once webkit.org/b/104520 is solved. |
300 bool shouldBypassMainWorldCSP = false; | 300 if (!ContentSecurityPolicy::shouldBypassMainWorld(executionContext()) && !ex
ecutionContext()->contentSecurityPolicy()->allowConnectToSource(m_url)) { |
301 if (executionContext()->isDocument()) { | |
302 Document* document = toDocument(executionContext()); | |
303 shouldBypassMainWorldCSP = document->frame()->script().shouldBypassMainW
orldCSP(); | |
304 } | |
305 if (!shouldBypassMainWorldCSP && !executionContext()->contentSecurityPolicy(
)->allowConnectToSource(m_url)) { | |
306 m_state = CLOSED; | 301 m_state = CLOSED; |
307 // The URL is safe to expose to JavaScript, as this check happens synchr
onously before redirection. | 302 // The URL is safe to expose to JavaScript, as this check happens synchr
onously before redirection. |
308 exceptionState.throwSecurityError("Refused to connect to '" + m_url.elid
edString() + "' because it violates the document's Content Security Policy."); | 303 exceptionState.throwSecurityError("Refused to connect to '" + m_url.elid
edString() + "' because it violates the document's Content Security Policy."); |
309 return; | 304 return; |
310 } | 305 } |
311 | 306 |
312 // Fail if not all elements in |protocols| are valid. | 307 // Fail if not all elements in |protocols| are valid. |
313 for (size_t i = 0; i < protocols.size(); ++i) { | 308 for (size_t i = 0; i < protocols.size(); ++i) { |
314 if (!isValidSubprotocolString(protocols[i])) { | 309 if (!isValidSubprotocolString(protocols[i])) { |
315 m_state = CLOSED; | 310 m_state = CLOSED; |
(...skipping 346 matching lines...)
662 | 657 |
663 void DOMWebSocket::trace(Visitor* visitor) | 658 void DOMWebSocket::trace(Visitor* visitor) |
664 { | 659 { |
665 visitor->trace(m_channel); | 660 visitor->trace(m_channel); |
666 visitor->trace(m_eventQueue); | 661 visitor->trace(m_eventQueue); |
667 WebSocketChannelClient::trace(visitor); | 662 WebSocketChannelClient::trace(visitor); |
668 EventTargetWithInlineData::trace(visitor); | 663 EventTargetWithInlineData::trace(visitor); |
669 } | 664 } |
670 | 665 |
671 } // namespace blink | 666 } // namespace blink |
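Review bot: The connect-src check at new line 300 now depends wholly on `ContentSecurityPolicy::shouldBypassMainWorld(executionContext())`, whose body is not shown on this page, so nothing visible here guarantees that it keeps the removed `isDocument()` guard (old lines 301-304) that left the bypass false for non-Document contexts. If the helper returned true for a worker context, `allowConnectToSource(m_url)` would be skipped there; the helper also needs to tolerate a Document whose frame is null, which the old `document->frame()->script()` chain did not visibly check. I would confirm both in the helper and add a test that a WebSocket opened from a worker to a URL outside connect-src still throws the SecurityError. A comment above the condition would record the contract, e.g. `// shouldBypassMainWorld() is false for non-Document contexts, so workers are always checked against connect-src.` The enclosing function starts before the visible hunk and continues past it.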