diff -r 000000000000 -r 4f2f89ce4247 WebCore/bindings/ScriptControllerBase.cpp --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/WebCore/bindings/ScriptControllerBase.cpp Fri Sep 17 09:02:29 2010 +0300 @@ -0,0 +1,108 @@ +/* + * Copyright (C) 1999-2001 Harri Porten (porten@kde.org) + * Copyright (C) 2001 Peter Kelly (pmk@post.com) + * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + */ + +#include "config.h" +#include "ScriptController.h" + +#include "Frame.h" +#include "FrameLoaderClient.h" +#include "Page.h" +#include "ScriptSourceCode.h" +#include "ScriptValue.h" +#include "Settings.h" +#include "XSSAuditor.h" + +namespace WebCore { + +bool ScriptController::canExecuteScripts(ReasonForCallingCanExecuteScripts reason) +{ + // FIXME: We should get this information from the document instead of the frame. + if (m_frame->loader()->isSandboxed(SandboxScripts)) + return false; + + Settings* settings = m_frame->settings(); + const bool allowed = m_frame->loader()->client()->allowJavaScript(settings && settings->isJavaScriptEnabled()); + if (!allowed && reason == AboutToExecuteScript) + m_frame->loader()->client()->didNotAllowScript(); + return allowed; +} + +ScriptValue ScriptController::executeScript(const String& script, bool forceUserGesture, ShouldAllowXSS shouldAllowXSS) +{ + return executeScript(ScriptSourceCode(script, forceUserGesture ? KURL() : m_frame->loader()->url()), shouldAllowXSS); +} + +ScriptValue ScriptController::executeScript(const ScriptSourceCode& sourceCode, ShouldAllowXSS shouldAllowXSS) +{ + if (!canExecuteScripts(AboutToExecuteScript) || isPaused()) + return ScriptValue(); + + bool wasInExecuteScript = m_inExecuteScript; + m_inExecuteScript = true; + + ScriptValue result = evaluate(sourceCode, shouldAllowXSS); + + if (!wasInExecuteScript) { + m_inExecuteScript = false; + Document::updateStyleForAllDocuments(); + } + + return result; +} + +bool ScriptController::executeIfJavaScriptURL(const KURL& url, bool userGesture, ShouldReplaceDocumentIfJavaScriptURL shouldReplaceDocumentIfJavaScriptURL) +{ + if (!protocolIsJavaScript(url)) + return false; + + if (m_frame->page() && !m_frame->page()->javaScriptURLsAreAllowed()) + return true; + + if (m_frame->inViewSourceMode()) + return true; + + const int javascriptSchemeLength = sizeof("javascript:") - 1; + + String decodedURL = decodeURLEscapeSequences(url.string()); + ScriptValue result; + if (xssAuditor()->canEvaluateJavaScriptURL(decodedURL)) + result = executeScript(decodedURL.substring(javascriptSchemeLength), userGesture, AllowXSS); + + String scriptResult; +#if USE(JSC) + JSDOMWindowShell* shell = windowShell(mainThreadNormalWorld()); + JSC::ExecState* exec = shell->window()->globalExec(); + if (!result.getString(exec, scriptResult)) + return true; +#else + if (!result.getString(scriptResult)) + return true; +#endif + + // FIXME: We should always replace the document, but doing so + // synchronously can cause crashes: + // http://bugs.webkit.org/show_bug.cgi?id=16782 + if (shouldReplaceDocumentIfJavaScriptURL == ReplaceDocumentIfJavaScriptURL) + m_frame->loader()->writer()->replaceDocument(scriptResult); + + return true; +} + +} // namespace WebCore