Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(206)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/workers/AbstractWorker.cpp

Issue 84423002: Correctly resolve empty script URLs in Worker constructors. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/http/tests/workers/worker-invalid-url.html ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2010 Google Inc. All rights reserved. 2 * Copyright (C) 2010 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
44 : ActiveDOMObject(context) 44 : ActiveDOMObject(context)
45 { 45 {
46 } 46 }
47 47
48 AbstractWorker::~AbstractWorker() 48 AbstractWorker::~AbstractWorker()
49 { 49 {
50 } 50 }
51 51
52 KURL AbstractWorker::resolveURL(const String& url, ExceptionState& exceptionStat e) 52 KURL AbstractWorker::resolveURL(const String& url, ExceptionState& exceptionStat e)
53 { 53 {
54 if (url.isEmpty()) {
55 exceptionState.throwDOMException(SyntaxError, "Failed to create a worker : an empty URL was provided.");
56 return KURL();
57 }
58
59 // FIXME: This should use the dynamic global scope (bug #27887) 54 // FIXME: This should use the dynamic global scope (bug #27887)
60 KURL scriptURL = executionContext()->completeURL(url); 55 KURL scriptURL = executionContext()->completeURL(url);
61 if (!scriptURL.isValid()) { 56 if (!scriptURL.isValid()) {
62 exceptionState.throwDOMException(SyntaxError, "Failed to create a worker : '" + url + "' is not a valid URL."); 57 exceptionState.throwDOMException(SyntaxError, "Failed to create a worker : '" + url + "' is not a valid URL.");
63 return KURL(); 58 return KURL();
64 } 59 }
65 60
66 // We can safely expose the URL in the following exceptions, as these checks happen synchronously before redirection. JavaScript receives no new information . 61 // We can safely expose the URL in the following exceptions, as these checks happen synchronously before redirection. JavaScript receives no new information .
67 if (!executionContext()->securityOrigin()->canRequest(scriptURL)) { 62 if (!executionContext()->securityOrigin()->canRequest(scriptURL)) {
68 exceptionState.throwSecurityError("Failed to create a worker: script at '" + scriptURL.elidedString() + "' cannot be accessed from origin '" + execution Context()->securityOrigin()->toString() + "'."); 63 exceptionState.throwSecurityError("Failed to create a worker: script at '" + scriptURL.elidedString() + "' cannot be accessed from origin '" + execution Context()->securityOrigin()->toString() + "'.");
69 return KURL(); 64 return KURL();
70 } 65 }
71 66
72 if (executionContext()->contentSecurityPolicy() && !executionContext()->cont entSecurityPolicy()->allowScriptFromSource(scriptURL)) { 67 if (executionContext()->contentSecurityPolicy() && !executionContext()->cont entSecurityPolicy()->allowScriptFromSource(scriptURL)) {
73 exceptionState.throwSecurityError("Failed to create a worker: access to the script at '" + scriptURL.elidedString() + "' is denied by the document's Con tent Security Policy."); 68 exceptionState.throwSecurityError("Failed to create a worker: access to the script at '" + scriptURL.elidedString() + "' is denied by the document's Con tent Security Policy.");
74 return KURL(); 69 return KURL();
75 } 70 }
76 71
77 return scriptURL; 72 return scriptURL;
78 } 73 }
79 74
80 } // namespace WebCore 75 } // namespace WebCore
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/workers/worker-invalid-url.html ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698