ScriptControllerBase.cpp [plain text]
#include "config.h"
#include "ScriptController.h"
#include "ContentSecurityPolicy.h"
#include "Document.h"
#include "DocumentLoader.h"
#include "Frame.h"
#include "FrameLoader.h"
#include "FrameLoaderClient.h"
#include "Page.h"
#include "ScriptSourceCode.h"
#include "ScriptValue.h"
#include "SecurityOrigin.h"
#include "Settings.h"
#include "UserGestureIndicator.h"
#include <wtf/text/TextPosition.h>
namespace WebCore {
bool ScriptController::canExecuteScripts(ReasonForCallingCanExecuteScripts reason)
{
if (m_frame->document() && m_frame->document()->isSandboxed(SandboxScripts)) {
if (reason == AboutToExecuteScript)
m_frame->document()->addConsoleMessage(SecurityMessageSource, ErrorMessageLevel, "Blocked script execution in '" + m_frame->document()->url().stringCenterEllipsizedToLength() + "' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.");
return false;
}
if (m_frame->document() && m_frame->document()->isViewSource()) {
ASSERT(m_frame->document()->securityOrigin()->isUnique());
return true;
}
Settings* settings = m_frame->settings();
const bool allowed = m_frame->loader()->client()->allowScript(settings && settings->isScriptEnabled());
if (!allowed && reason == AboutToExecuteScript)
m_frame->loader()->client()->didNotAllowScript();
return allowed;
}
ScriptValue ScriptController::executeScript(const String& script, bool forceUserGesture)
{
UserGestureIndicator gestureIndicator(forceUserGesture ? DefinitelyProcessingNewUserGesture : PossiblyProcessingUserGesture);
return executeScript(ScriptSourceCode(script, m_frame->document()->url()));
}
ScriptValue ScriptController::executeScript(const ScriptSourceCode& sourceCode)
{
if (!canExecuteScripts(AboutToExecuteScript) || isPaused())
return ScriptValue();
RefPtr<Frame> protect(m_frame);
return evaluate(sourceCode);
}
bool ScriptController::executeIfJavaScriptURL(const KURL& url, ShouldReplaceDocumentIfJavaScriptURL shouldReplaceDocumentIfJavaScriptURL)
{
if (!protocolIsJavaScript(url))
return false;
if (!m_frame->page()
|| !m_frame->document()->contentSecurityPolicy()->allowJavaScriptURLs(m_frame->document()->url(), eventHandlerPosition().m_line))
return true;
RefPtr<Frame> protector(m_frame);
RefPtr<Document> ownerDocument(m_frame->document());
const int javascriptSchemeLength = sizeof("javascript:") - 1;
String decodedURL = decodeURLEscapeSequences(url.string());
ScriptValue result = executeScript(decodedURL.substring(javascriptSchemeLength));
if (!m_frame->page())
return true;
String scriptResult;
JSDOMWindowShell* shell = windowShell(mainThreadNormalWorld());
JSC::ExecState* exec = shell->window()->globalExec();
if (!result.getString(exec, scriptResult))
return true;
if (shouldReplaceDocumentIfJavaScriptURL == ReplaceDocumentIfJavaScriptURL) {
ASSERT(m_frame->document()->loader());
if (RefPtr<DocumentLoader> loader = m_frame->document()->loader())
loader->writer()->replaceDocument(scriptResult, ownerDocument.get());
}
return true;
}
}