Changeset 96667 in webkit
- Timestamp:
- Oct 4, 2011 5:52:50 PM (13 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 9 edited
-
ChangeLog (modified) (1 diff)
-
bindings/js/WorkerScriptController.cpp (modified) (1 diff)
-
bindings/js/WorkerScriptController.h (modified) (1 diff)
-
dom/Document.cpp (modified) (1 diff)
-
dom/Document.h (modified) (1 diff)
-
dom/ScriptExecutionContext.h (modified) (1 diff)
-
page/ContentSecurityPolicy.cpp (modified) (4 diffs)
-
workers/WorkerContext.cpp (modified) (1 diff)
-
workers/WorkerContext.h (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r96663 r96667 1 2011-10-04 Sam Weinig <sam@webkit.org> 2 3 Wean ContentSecurityPolicy from the Document 4 https://bugs.webkit.org/show_bug.cgi?id=69387 5 6 Reviewed by Adam Barth. 7 8 * bindings/js/WorkerScriptController.cpp: 9 (WebCore::WorkerScriptController::disableEval): 10 * bindings/js/WorkerScriptController.h: 11 * dom/Document.cpp: 12 (WebCore::Document::disableEval): 13 * dom/Document.h: 14 * workers/WorkerContext.cpp: 15 (WebCore::WorkerContext::disableEval): 16 * workers/WorkerContext.h: 17 * dom/ScriptExecutionContext.h: 18 Add pure virtual disableEval to ScriptExecutionContext, so that ContentSecurityPolicy 19 can call it for both Documents and WorkerContexts. 20 21 * page/ContentSecurityPolicy.cpp: 22 (WebCore::ContentSecurityPolicy::didReceiveHeader): 23 Call the new ScriptExecutionContext::disableEval() function. 24 25 (WebCore::ContentSecurityPolicy::reportViolation): 26 Use ScriptExecutionContext::addMessage() instead of going directly to the DOMWindow. 27 1 28 2011-10-04 Anders Carlsson <andersca@apple.com> 2 29 -
trunk/Source/WebCore/bindings/js/WorkerScriptController.cpp
r96465 r96667 182 182 } 183 183 184 void WorkerScriptController::disableEval() 185 { 186 initScriptIfNeeded(); 187 JSLock lock(SilenceAssertionsOnly); 188 189 m_workerContextWrapper->setEvalEnabled(false); 190 } 191 184 192 } // namespace WebCore 185 193 -
trunk/Source/WebCore/bindings/js/WorkerScriptController.h
r83900 r96667 74 74 bool isExecutionForbidden() const; 75 75 76 void disableEval(); 77 76 78 JSC::JSGlobalData* globalData() { return m_globalData.get(); } 77 79 -
trunk/Source/WebCore/dom/Document.cpp
r96550 r96667 2439 2439 } 2440 2440 2441 void Document::disableEval() 2442 { 2443 if (!frame()) 2444 return; 2445 2446 frame()->script()->disableEval(); 2447 } 2448 2441 2449 CSSStyleSheet* Document::pageUserSheet() 2442 2450 { -
trunk/Source/WebCore/dom/Document.h
r96550 r96667 613 613 virtual String userAgent(const KURL&) const; 614 614 615 virtual void disableEval() OVERRIDE; 616 615 617 CSSStyleSheet* pageUserSheet(); 616 618 void clearPageUserSheet(); -
trunk/Source/WebCore/dom/ScriptExecutionContext.h
r96550 r96667 97 97 virtual String userAgent(const KURL&) const = 0; 98 98 99 virtual void disableEval() = 0; 100 99 101 SecurityOrigin* securityOrigin() const { return m_securityOrigin.get(); } 100 102 ContentSecurityPolicy* contentSecurityPolicy() { return m_contentSecurityPolicy.get(); } -
trunk/Source/WebCore/page/ContentSecurityPolicy.cpp
r96621 r96667 28 28 29 29 #include "Console.h" 30 #include "DOMWindow.h"31 30 #include "Document.h" 32 31 #include "FormData.h" … … 34 33 #include "Frame.h" 35 34 #include "PingLoader.h" 35 #include "ScriptCallStack.h" 36 36 #include "SecurityOrigin.h" 37 37 #include "TextEncoding.h" … … 492 492 } 493 493 494 if (!checkEval(operativeDirective(m_scriptSrc.get()))) { 495 // FIXME: Support disabling eval for Workers. 496 if (m_scriptExecutionContext->isDocument()) { 497 if (Frame* frame = static_cast<Document*>(m_scriptExecutionContext)->frame()) 498 frame->script()->disableEval(); 499 } 500 } 494 if (!checkEval(operativeDirective(m_scriptSrc.get()))) 495 m_scriptExecutionContext->disableEval(); 501 496 } 502 497 503 498 void ContentSecurityPolicy::reportViolation(const String& directiveText, const String& consoleMessage) const 504 499 { 505 // FIXME: Support reporting violations for Workers. 500 String message = m_reportOnly ? "[Report Only] " + consoleMessage : consoleMessage; 501 m_scriptExecutionContext->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message, 1, String(), 0); 502 503 if (m_reportURLs.isEmpty()) 504 return; 505 506 // FIXME: Support sending reports from worker. 506 507 if (!m_scriptExecutionContext->isDocument()) 507 508 return; … … 510 511 Frame* frame = document->frame(); 511 512 if (!frame) 512 return;513 514 String message = m_reportOnly ? "[Report Only] " + consoleMessage : consoleMessage;515 frame->domWindow()->console()->addMessage(JSMessageSource, LogMessageType, ErrorMessageLevel, message, 1, String());516 517 if (m_reportURLs.isEmpty())518 513 return; 519 514 -
trunk/Source/WebCore/workers/WorkerContext.cpp
r96550 r96667 166 166 } 167 167 168 void WorkerContext::disableEval() 169 { 170 m_script->disableEval(); 171 } 172 168 173 WorkerLocation* WorkerContext::location() const 169 174 { -
trunk/Source/WebCore/workers/WorkerContext.h
r95849 r96667 78 78 virtual String userAgent(const KURL&) const; 79 79 80 virtual void disableEval() OVERRIDE; 81 80 82 WorkerScriptController* script() { return m_script.get(); } 81 83 void clearScript() { m_script.clear(); }
Note: See TracChangeset
for help on using the changeset viewer.
