Changeset 111359 in webkit
- Timestamp:
- Mar 19, 2012 10:29:11 PM (12 years ago)
- Location:
- trunk
- Files:
-
- 8 added
- 5 edited
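--- a/trunk/LayoutTests/ChangeLog
+++ b/trunk/LayoutTests/ChangeLog
@@ -1,2 +1,18 @@
+2012-03-19 Pablo Flouret <pablof@motorola.com>
+
+Add support for crossorigin attribute in script elements
+https://bugs.webkit.org/show_bug.cgi?id=81438
+
+Reviewed by Adam Barth.
+
+* http/tests/security/resources/alert-fail.js: Added.
+* http/tests/security/resources/cors-script.php: Added.
+* http/tests/security/script-crossorigin-loads-correctly-expected.txt: Added.
+* http/tests/security/script-crossorigin-loads-correctly.html: Added.
+* http/tests/security/script-crossorigin-loads-same-origin-expected.txt: Added.
+* http/tests/security/script-crossorigin-loads-same-origin.html: Added.
+* http/tests/security/script-with-failed-cors-check-fails-to-load-expected.txt: Added.
+* http/tests/security/script-with-failed-cors-check-fails-to-load.html: Added.
+
 2012-03-19 Anders Carlsson <andersca@apple.com>
 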
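--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,25 @@
+2012-03-19 Pablo Flouret <pablof@motorola.com>
+
+Add support for crossorigin attribute in script elements
+https://bugs.webkit.org/show_bug.cgi?id=81438
+
+Reviewed by Adam Barth.
+
+Works similarly to img and its crossorigin attribute. In the future it
+could allow for things like showing full error messages in error
+handlers, etc.
+
+Tests: http/tests/security/script-crossorigin-loads-correctly.html
+http/tests/security/script-crossorigin-loads-same-origin.html
+http/tests/security/script-with-failed-cors-check-fails-to-load.html
+
+* dom/ScriptElement.cpp:
+(WebCore::ScriptElement::ScriptElement):
+(WebCore::ScriptElement::requestScript):
+(WebCore::ScriptElement::notifyFinished):
+* dom/ScriptElement.h:
+(ScriptElement):
+* html/HTMLScriptElement.idl:
+
 2012-03-19 Benjamin Poulain <benjamin@webkit.org>
 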
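--- a/trunk/Source/WebCore/dom/ScriptElement.cpp
+++ b/trunk/Source/WebCore/dom/ScriptElement.cpp
@@ -28,4 +28,5 @@
 #include "CachedResourceLoader.h"
 #include "ContentSecurityPolicy.h"
+#include "CrossOriginAccessControl.h"
 #include "Document.h"
 #include "DocumentParser.h"
@@ -41,4 +42,5 @@
 #include "ScriptSourceCode.h"
 #include "ScriptValue.h"
+#include "SecurityOrigin.h"
 #include "Settings.h"
 #include "Text.h"
@@ -66,4 +68,5 @@
 , m_forceAsync(!parserInserted)
 , m_willExecuteInOrder(false)
+, m_requestUsesAccessControl(false)
 {
 ASSERT(m_element);
@@ -246,5 +249,13 @@
 ASSERT(!m_cachedScript);
 if (!stripLeadingAndTrailingHTMLSpaces(sourceUrl).isEmpty()) {
-ResourceRequest request(m_element->document()->completeURL(sourceUrl));
+ResourceRequest request = ResourceRequest(m_element->document()->completeURL(sourceUrl));
+
+String crossOriginMode = m_element->fastGetAttribute(HTMLNames::crossoriginAttr);
+if (!crossOriginMode.isNull()) {
+m_requestUsesAccessControl = true;
+StoredCredentials allowCredentials = equalIgnoringCase(crossOriginMode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials;
+updateRequestForAccessControl(request, m_element->document()->securityOrigin(), allowCredentials);
+}
+
 m_cachedScript = m_element->document()->cachedResourceLoader()->requestScript(request, scriptCharset());
 m_isExternalScript = true;
@@ -304,8 +315,19 @@
 }
 
-void ScriptElement::notifyFinished(CachedResource* o)
+void ScriptElement::notifyFinished(CachedResource* resource)
 {
 ASSERT(!m_willBeParserExecuted);
-ASSERT_UNUSED(o, o == m_cachedScript);
+ASSERT_UNUSED(resource, resource == m_cachedScript);
+
+if (m_requestUsesAccessControl
+&& !m_element->document()->securityOrigin()->canRequest(m_cachedScript->response().url())
+&& !m_cachedScript->passesAccessControlCheck(m_element->document()->securityOrigin())) {
+
+dispatchErrorEvent();
+DEFINE_STATIC_LOCAL(String, consoleMessage, ("Cross-origin script load denied by Cross-Origin Resource Sharing policy."));
+m_element->document()->addConsoleMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, consoleMessage);
+return;
+}
+
 if (m_willExecuteInOrder)
 m_element->document()->scriptRunner()->notifyScriptReady(this, ScriptRunner::IN_ORDER_EXECUTION);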
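Review bot: The CORS check added to `notifyFinished` sits behind `ASSERT(!m_willBeParserExecuted)`, so as far as this section shows it only covers scripts that complete through this callback; a parser-executed `<script crossorigin>` would need the same enforcement on its own completion path, which is not visible here. If that path lacks it, the attribute gives no guarantee for those scripts, so I would move the three-clause condition into a helper both paths call, or at least add `// CORS enforcement for crossorigin scripts; parser-executed scripts never reach notifyFinished and must be checked separately.` above the `if`. Separately, the early `return` skips `notifyScriptReady`, so an in-order script that fails the check may leave the script runner's queue waiting on it; this is worth confirming against ScriptRunner. The bodies of `requestScript` and `notifyFinished` continue outside the hunks shown.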
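--- a/trunk/Source/WebCore/dom/ScriptElement.h
+++ b/trunk/Source/WebCore/dom/ScriptElement.h
@@ -102,4 +102,5 @@
 bool m_forceAsync : 1;
 bool m_willExecuteInOrder : 1;
+bool m_requestUsesAccessControl : 1;
 String m_characterEncoding;
 String m_fallbackCharacterEncoding;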
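--- a/trunk/Source/WebCore/html/HTMLScriptElement.idl
+++ b/trunk/Source/WebCore/html/HTMLScriptElement.idl
@@ -29,4 +29,5 @@
 attribute [Reflect, URL] DOMString src;
 attribute [Reflect] DOMString type;
+attribute [Reflect] DOMString crossOrigin;
 };
 }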