| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2008, 2011 Apple Inc. All rights reserved. | 2 * Copyright (C) 2008, 2011 Apple Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * This library is free software; you can redistribute it and/or | 4 * This library is free software; you can redistribute it and/or |
| 5 * modify it under the terms of the GNU Library General Public | 5 * modify it under the terms of the GNU Library General Public |
| 6 * License as published by the Free Software Foundation; either | 6 * License as published by the Free Software Foundation; either |
| 7 * version 2 of the License, or (at your option) any later version. | 7 * version 2 of the License, or (at your option) any later version. |
| 8 * | 8 * |
| 9 * This library is distributed in the hope that it will be useful, | 9 * This library is distributed in the hope that it will be useful, |
| 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of | 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 | 23 |
| 24 #include "Frame.h" | 24 #include "Frame.h" |
| 25 #include "FrameLoader.h" | 25 #include "FrameLoader.h" |
| 26 #include "FrameLoaderClient.h" | 26 #include "FrameLoaderClient.h" |
| 27 #include "HTMLImageLoader.h" | 27 #include "HTMLImageLoader.h" |
| 28 #include "HTMLNames.h" | 28 #include "HTMLNames.h" |
| 29 #include "Image.h" | 29 #include "Image.h" |
| 30 #include "Page.h" | 30 #include "Page.h" |
| 31 #include "RenderEmbeddedObject.h" | 31 #include "RenderEmbeddedObject.h" |
| 32 #include "RenderImage.h" | 32 #include "RenderImage.h" |
| 33 #include "SecurityOrigin.h" |
| 33 | 34 |
| 34 namespace WebCore { | 35 namespace WebCore { |
| 35 | 36 |
| 36 HTMLPlugInImageElement::HTMLPlugInImageElement(const QualifiedName& tagName, Doc
ument* document, bool createdByParser, PreferPlugInsForImagesOption preferPlugIn
sForImagesOption) | 37 HTMLPlugInImageElement::HTMLPlugInImageElement(const QualifiedName& tagName, Doc
ument* document, bool createdByParser, PreferPlugInsForImagesOption preferPlugIn
sForImagesOption) |
| 37 : HTMLPlugInElement(tagName, document) | 38 : HTMLPlugInElement(tagName, document) |
| 38 // m_needsWidgetUpdate(!createdByParser) allows HTMLObjectElement to delay | 39 // m_needsWidgetUpdate(!createdByParser) allows HTMLObjectElement to delay |
| 39 // widget updates until after all children are parsed. For HTMLEmbedElement | 40 // widget updates until after all children are parsed. For HTMLEmbedElement |
| 40 // this delay is unnecessary, but it is simpler to make both classes share | 41 // this delay is unnecessary, but it is simpler to make both classes share |
| 41 // the same codepath in this class. | 42 // the same codepath in this class. |
| 42 , m_needsWidgetUpdate(!createdByParser) | 43 , m_needsWidgetUpdate(!createdByParser) |
| (...skipping 26 matching lines...) Expand all Loading... |
| 69 | 70 |
| 70 // We don't use m_url, as it may not be the final URL that the object loads, | 71 // We don't use m_url, as it may not be the final URL that the object loads, |
| 71 // depending on <param> values. | 72 // depending on <param> values. |
| 72 bool HTMLPlugInImageElement::allowedToLoadFrameURL(const String& url) | 73 bool HTMLPlugInImageElement::allowedToLoadFrameURL(const String& url) |
| 73 { | 74 { |
| 74 ASSERT(document()); | 75 ASSERT(document()); |
| 75 ASSERT(document()->frame()); | 76 ASSERT(document()->frame()); |
| 76 if (document()->frame()->page()->frameCount() >= Page::maxNumberOfFrames) | 77 if (document()->frame()->page()->frameCount() >= Page::maxNumberOfFrames) |
| 77 return false; | 78 return false; |
| 78 | 79 |
| 80 KURL completeURL = document()->completeURL(url); |
| 81 |
| 82 if (contentFrame() && protocolIsJavaScript(completeURL) |
| 83 && !document()->securityOrigin()->canAccess(contentDocument()->securityO
rigin())) |
| 84 return false; |
| 85 |
| 79 // We allow one level of self-reference because some sites depend on that. | 86 // We allow one level of self-reference because some sites depend on that. |
| 80 // But we don't allow more than one. | 87 // But we don't allow more than one. |
| 81 KURL completeURL = document()->completeURL(url); | |
| 82 bool foundSelfReference = false; | 88 bool foundSelfReference = false; |
| 83 for (Frame* frame = document()->frame(); frame; frame = frame->tree()->paren
t()) { | 89 for (Frame* frame = document()->frame(); frame; frame = frame->tree()->paren
t()) { |
| 84 if (equalIgnoringFragmentIdentifier(frame->document()->url(), completeUR
L)) { | 90 if (equalIgnoringFragmentIdentifier(frame->document()->url(), completeUR
L)) { |
| 85 if (foundSelfReference) | 91 if (foundSelfReference) |
| 86 return false; | 92 return false; |
| 87 foundSelfReference = true; | 93 foundSelfReference = true; |
| 88 } | 94 } |
| 89 } | 95 } |
| 90 return true; | 96 return true; |
| 91 } | 97 } |
| (...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 187 m_imageLoader->elementWillMoveToNewOwnerDocument(); | 193 m_imageLoader->elementWillMoveToNewOwnerDocument(); |
| 188 HTMLPlugInElement::willMoveToNewOwnerDocument(); | 194 HTMLPlugInElement::willMoveToNewOwnerDocument(); |
| 189 } | 195 } |
| 190 | 196 |
| 191 void HTMLPlugInImageElement::updateWidgetCallback(Node* n, unsigned) | 197 void HTMLPlugInImageElement::updateWidgetCallback(Node* n, unsigned) |
| 192 { | 198 { |
| 193 static_cast<HTMLPlugInImageElement*>(n)->updateWidgetIfNecessary(); | 199 static_cast<HTMLPlugInImageElement*>(n)->updateWidgetIfNecessary(); |
| 194 } | 200 } |
| 195 | 201 |
| 196 } // namespace WebCore | 202 } // namespace WebCore |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8206005:
Merge 96826 - Add check for JavaScript URLs in HTMLPlugInImageElement::allowedToLoadFrameURL (Closed)
Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/874/