OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv
ed. | 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv
ed. |
6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> | 6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> |
7 * | 7 * |
8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
9 * modify it under the terms of the GNU Library General Public | 9 * modify it under the terms of the GNU Library General Public |
10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
(...skipping 333 matching lines...)
344 if (resource && !resource->mimeTypeAllowedByNosniff()) { | 344 if (resource && !resource->mimeTypeAllowedByNosniff()) { |
345 contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMe
ssageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->u
rl().elidedString() + "' because its MIME type ('" + resource->mimeType() + "')
is not executable, and strict MIME type checking is enabled.")); | 345 contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMe
ssageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->u
rl().elidedString() + "' because its MIME type ('" + resource->mimeType() + "')
is not executable, and strict MIME type checking is enabled.")); |
346 return; | 346 return; |
347 } | 347 } |
348 | 348 |
349 if (resource && resource->mimeType().lower().startsWith("image/")) { | 349 if (resource && resource->mimeType().lower().startsWith("image/")) { |
350 contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMe
ssageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->u
rl().elidedString() + "' because its MIME type ('" + resource->mimeType() + "')
is not executable.")); | 350 contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMe
ssageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->u
rl().elidedString() + "' because its MIME type ('" + resource->mimeType() + "')
is not executable.")); |
351 UseCounter::count(frame, UseCounter::BlockedSniffingImageToScript); | 351 UseCounter::count(frame, UseCounter::BlockedSniffingImageToScript); |
352 return; | 352 return; |
353 } | 353 } |
354 | |
355 if (!SubresourceIntegrity::CheckSubresourceIntegrity(*m_element, sourceC
ode.source(), sourceCode.resource()->url(), sourceCode.resource()->mimeType())) | |
356 return; | |
357 } | 354 } |
358 | 355 |
359 // FIXME: Can this be moved earlier in the function? | 356 // FIXME: Can this be moved earlier in the function? |
360 // Why are we ever attempting to execute scripts without a frame? | 357 // Why are we ever attempting to execute scripts without a frame? |
361 if (!frame) | 358 if (!frame) |
362 return; | 359 return; |
363 | 360 |
364 const bool isImportedScript = contextDocument != elementDocument; | 361 const bool isImportedScript = contextDocument != elementDocument; |
365 // http://www.whatwg.org/specs/web-apps/current-work/#execute-the-script-blo
ck step 2.3 | 362 // http://www.whatwg.org/specs/web-apps/current-work/#execute-the-script-blo
ck step 2.3 |
366 // with additional support for HTML imports. | 363 // with additional support for HTML imports. |
367 IgnoreDestructiveWriteCountIncrementer ignoreDestructiveWriteCountIncremente
r(m_isExternalScript || isImportedScript ? contextDocument.get() : 0); | 364 IgnoreDestructiveWriteCountIncrementer ignoreDestructiveWriteCountIncremente
r(m_isExternalScript || isImportedScript ? contextDocument.get() : 0); |
368 | 365 |
369 if (isHTMLScriptLoader(m_element)) | 366 if (isHTMLScriptLoader(m_element)) |
370 contextDocument->pushCurrentScript(toHTMLScriptElement(m_element)); | 367 contextDocument->pushCurrentScript(toHTMLScriptElement(m_element)); |
371 | 368 |
372 AccessControlStatus corsCheck = NotSharableCrossOrigin; | 369 AccessControlStatus corsCheck = NotSharableCrossOrigin; |
373 if (!m_isExternalScript || (sourceCode.resource() && sourceCode.resource()->
passesAccessControlCheck(&m_element->document(), m_element->document().securityO
rigin()))) | 370 if (!m_isExternalScript || (sourceCode.resource() && sourceCode.resource()->
passesAccessControlCheck(&m_element->document(), m_element->document().securityO
rigin()))) |
374 corsCheck = SharableCrossOrigin; | 371 corsCheck = SharableCrossOrigin; |
375 | 372 |
| 373 if (m_isExternalScript) { |
| 374 const KURL resourceUrl = sourceCode.resource()->resourceRequest().url(); |
| 375 if (!SubresourceIntegrity::CheckSubresourceIntegrity(*m_element, sourceC
ode.source(), sourceCode.resource()->url(), sourceCode.resource()->mimeType(), *
sourceCode.resource())) { |
| 376 return; |
| 377 } |
| 378 } |
| 379 |
376 // Create a script from the script element node, using the script | 380 // Create a script from the script element node, using the script |
377 // block's source and the script block's type. | 381 // block's source and the script block's type. |
378 // Note: This is where the script is compiled and actually executed. | 382 // Note: This is where the script is compiled and actually executed. |
379 frame->script().executeScriptInMainWorld(sourceCode, corsCheck, compilationF
inishTime); | 383 frame->script().executeScriptInMainWorld(sourceCode, corsCheck, compilationF
inishTime); |
380 | 384 |
381 if (isHTMLScriptLoader(m_element)) { | 385 if (isHTMLScriptLoader(m_element)) { |
382 ASSERT(contextDocument->currentScript() == m_element); | 386 ASSERT(contextDocument->currentScript() == m_element); |
383 contextDocument->popCurrentScript(); | 387 contextDocument->popCurrentScript(); |
384 } | 388 } |
385 } | 389 } |
(...skipping 88 matching lines...)
474 if (isHTMLScriptLoader(element)) | 478 if (isHTMLScriptLoader(element)) |
475 return toHTMLScriptElement(element)->loader(); | 479 return toHTMLScriptElement(element)->loader(); |
476 | 480 |
477 if (isSVGScriptLoader(element)) | 481 if (isSVGScriptLoader(element)) |
478 return toSVGScriptElement(element)->loader(); | 482 return toSVGScriptElement(element)->loader(); |
479 | 483 |
480 return 0; | 484 return 0; |
481 } | 485 } |
482 | 486 |
483 } // namespace blink | 487 } // namespace blink |
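Review bot: The early `return` on integrity failure at new lines 375-376 now runs after `contextDocument->pushCurrentScript(...)` at new line 367, so a script that fails the Subresource Integrity check skips the matching `popCurrentScript()` at new line 387 and leaves the current-script stack unbalanced. The check does not read `corsCheck`, so the block could sit above new line 366, or the failure branch could pop before returning: `if (isHTMLScriptLoader(m_element)) contextDocument->popCurrentScript();`. `resourceUrl` at new line 374 is declared but never used, since the call still passes `sourceCode.resource()->url()`; either pass it or drop it, and add a comment saying which URL (request or final) the integrity check is meant to see. The block also dereferences `sourceCode.resource()` unguarded, while the condition at new line 370 null-checks it. The enclosing function begins in the skipped lines, so whether a null resource is possible here cannot be confirmed from this view.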
OLD | NEW |