#include "config.h"
#include "ScriptElement.h"
#include "CachedResourceLoader.h"
#include "CachedResourceRequest.h"
#include "CachedScript.h"
#include "ContentSecurityPolicy.h"
#include "CrossOriginAccessControl.h"
#include "CurrentScriptIncrementer.h"
#include "Event.h"
#include "EventNames.h"
#include "Frame.h"
#include "FrameLoader.h"
#include "HTMLNames.h"
#include "HTMLParserIdioms.h"
#include "IgnoreDestructiveWriteCountIncrementer.h"
#include "MIMETypeRegistry.h"
#include "Page.h"
#include "SVGNames.h"
#include "SVGScriptElement.h"
#include "ScriptController.h"
#include "ScriptRunner.h"
#include "ScriptSourceCode.h"
#include "ScriptableDocumentParser.h"
#include "SecurityOrigin.h"
#include "Settings.h"
#include "TextNodeTraversal.h"
#include <bindings/ScriptValue.h>
#include <inspector/ScriptCallStack.h>
#include <wtf/StdLibExtras.h>
#include <wtf/text/StringBuilder.h>
#include <wtf/text/StringHash.h>
namespace WebCore {
// Builds the script-processing state attached to |element|.
//
// parserInserted: true when the HTML/XML parser created the element.
// alreadyStarted: true when the script must be treated as already run.
//
// Scripts not created by the parser start out with m_forceAsync set; the flag
// is cleared again by handleAsyncAttribute().
ScriptElement::ScriptElement(Element& element, bool parserInserted, bool alreadyStarted)
    : m_element(element)
    , m_startLineNumber(WTF::OrdinalNumber::beforeFirst())
    , m_parserInserted(parserInserted)
    , m_isExternalScript(false)
    , m_alreadyStarted(alreadyStarted)
    , m_haveFiredLoad(false)
    , m_willBeParserExecuted(false)
    , m_readyToBeParserExecuted(false)
    , m_willExecuteWhenDocumentFinishedParsing(false)
    , m_forceAsync(!parserInserted)
    , m_willExecuteInOrder(false)
    , m_requestUsesAccessControl(false)
{
    // Only parser-created elements have a meaningful source line.
    if (!parserInserted)
        return;

    // Record the parser's current line unless the markup came from
    // document.write(). m_startLineNumber is later handed to the CSP inline
    // script check in executeScript().
    auto* parser = m_element.document().scriptableDocumentParser();
    if (parser && !m_element.document().isInDocumentWrite())
        m_startLineNumber = parser->textPosition().m_line;
}
// Drops any pending script load so the cached resource no longer holds a
// client pointer to this object after it is destroyed.
ScriptElement::~ScriptElement()
{
    stopLoadRequest();
}
// Returns true when finishedInsertingSubtree() should be called for this
// insertion: the insertion point is in the document and the element was not
// created by the parser.
bool ScriptElement::shouldCallFinishedInsertingSubtree(ContainerNode& insertionPoint)
{
    if (!insertionPoint.inDocument())
        return false;
    return !m_parserInserted;
}
// Called after a non-parser-inserted script element has been inserted;
// attempts to prepare (and possibly run) the script.
void ScriptElement::finishedInsertingSubtree()
{
    // Parser-inserted scripts are never expected on this path.
    ASSERT(!m_parserInserted);
    prepareScript();
}
// Re-attempts script preparation when the element's children change, but only
// for elements that are in the document and were not created by the parser.
void ScriptElement::childrenChanged()
{
    if (m_parserInserted || !m_element.inDocument())
        return;
    prepareScript();
}
// Reacts to a change of the source attribute. The script is prepared only
// when load requests are not being ignored (see ignoresLoadRequest()) and the
// new URL string is non-empty.
void ScriptElement::handleSourceAttribute(const String& sourceUrl)
{
    if (!ignoresLoadRequest() && !sourceUrl.isEmpty())
        prepareScript();
}
// Reacts to a change of the async attribute by clearing the force-async flag
// that the constructor sets for non-parser-inserted scripts.
void ScriptElement::handleAsyncAttribute()
{
    m_forceAsync = false;
}
// Returns true when |language| is one of the legacy script language names
// accepted for backwards compatibility. The comparison ignores ASCII case.
//
// The set is filled lazily on first use and never destroyed.
static bool isLegacySupportedJavaScriptLanguage(const String& language)
{
    typedef HashSet<String, ASCIICaseInsensitiveHash> LanguageSet;
    static NeverDestroyed<LanguageSet> languages;

    LanguageSet& knownLanguages = languages.get();
    if (knownLanguages.isEmpty()) {
        static const char* const legacyNames[] = {
            "javascript",
            "javascript1.0",
            "javascript1.1",
            "javascript1.2",
            "javascript1.3",
            "javascript1.4",
            "javascript1.5",
            "javascript1.6",
            "javascript1.7",
            "livescript",
            "ecmascript",
            "jscript",
        };
        for (const char* name : legacyNames)
            knownLanguages.add(name);
    }
    return knownLanguages.contains(language);
}
// Fires an "error" event at the script element. The event neither bubbles
// nor is cancelable.
void ScriptElement::dispatchErrorEvent()
{
    const bool canBubble = false;
    const bool cancelable = false;
    m_element.dispatchEvent(Event::create(eventNames().errorEvent, canBubble, cancelable));
}
// Decides from the type and language attributes whether this element's
// content is treated as executable script. prepareScript() refuses to run
// the element when this returns false.
//
// supportLegacyTypes: when AllowLegacyTypeInTypeAttribute, a legacy language
// name is also accepted as the value of the type attribute.
bool ScriptElement::isScriptTypeSupported(LegacyTypeSupport supportLegacyTypes) const
{
    const String type = typeAttributeValue();
    const String language = languageAttributeValue();

    if (!type.isEmpty()) {
        // An explicit type wins. Whitespace is stripped for the MIME type
        // lookup only; the legacy-name lookup sees the raw attribute value.
        if (MIMETypeRegistry::isSupportedJavaScriptMIMEType(type.stripWhiteSpace()))
            return true;
        return supportLegacyTypes == AllowLegacyTypeInTypeAttribute && isLegacySupportedJavaScriptLanguage(type);
    }

    // No type attribute: with no language either, the script is accepted.
    if (language.isEmpty())
        return true;

    // Otherwise try the language as a "text/<language>" MIME type, then as a
    // legacy language name.
    if (MIMETypeRegistry::isSupportedJavaScriptMIMEType("text/" + language))
        return true;
    return isLegacySupportedJavaScriptLanguage(language);
}
// Decides whether this script element runs and, if so, how: executed by the
// parser, deferred until parsing finishes, queued on the ScriptRunner
// (in-order or async), or evaluated immediately for inline content.
//
// scriptStartPosition: source position used for inline scripts that were not
// produced by document.write().
// supportLegacyTypes: forwarded to isScriptTypeSupported().
//
// Returns true when the script was scheduled or executed, false when any
// precondition failed. The statement order matters: several checks read
// flags that earlier statements deliberately changed.
bool ScriptElement::prepareScript(const TextPosition& scriptStartPosition, LegacyTypeSupport supportLegacyTypes)
{
// A script element is run at most once.
if (m_alreadyStarted)
return false;
// Remember whether the parser created the element and clear the flag for the
// duration of the checks below; it is restored once they pass.
bool wasParserInserted;
if (m_parserInserted) {
wasParserInserted = true;
m_parserInserted = false;
} else
wasParserInserted = false;
if (wasParserInserted && !asyncAttributeValue())
m_forceAsync = true;
// Nothing to run: no source attribute and no child nodes.
if (!hasSourceAttribute() && !m_element.firstChild())
return false;
if (!m_element.inDocument())
return false;
// Unsupported type/language values mean the content is not executed.
if (!isScriptTypeSupported(supportLegacyTypes))
return false;
if (wasParserInserted) {
m_parserInserted = true;
m_forceAsync = false;
}
// From here on the element counts as started, even if one of the remaining
// checks returns false.
m_alreadyStarted = true;
Document& document = m_element.document();
// No frame, or the script controller refuses execution: do not run.
if (!document.frame())
return false;
if (!document.frame()->script().canExecuteScripts(AboutToExecuteScript))
return false;
if (!isScriptForEventSupported())
return false;
// An explicit charset attribute overrides the document's encoding.
if (!charsetAttributeValue().isEmpty())
m_characterEncoding = charsetAttributeValue();
else
m_characterEncoding = document.charset();
// requestScript() dispatches a beforeload event before it starts the fetch,
// so the attribute getters below are evaluated again after this call.
if (hasSourceAttribute())
if (!requestScript(sourceAttributeValue()))
return false;
// Pick the execution mode.
if (hasSourceAttribute() && deferAttributeValue() && m_parserInserted && !asyncAttributeValue()) {
// External, deferred, parser-inserted: run once parsing has finished.
m_willExecuteWhenDocumentFinishedParsing = true;
m_willBeParserExecuted = true;
} else if (hasSourceAttribute() && m_parserInserted && !asyncAttributeValue())
// External, parser-inserted, not async: the parser executes it.
m_willBeParserExecuted = true;
else if (!hasSourceAttribute() && m_parserInserted && !document.haveStylesheetsLoaded()) {
// Inline, parser-inserted, stylesheets still loading: the parser executes it.
m_willBeParserExecuted = true;
m_readyToBeParserExecuted = true;
} else if (hasSourceAttribute() && !asyncAttributeValue() && !m_forceAsync) {
// External, order-preserving: queue it and register as a client of the
// cached resource.
m_willExecuteInOrder = true;
document.scriptRunner()->queueScriptForExecution(this, m_cachedScript, ScriptRunner::IN_ORDER_EXECUTION);
m_cachedScript->addClient(this);
} else if (hasSourceAttribute()) {
// External, async: queue it and register as a client of the cached resource.
m_element.document().scriptRunner()->queueScriptForExecution(this, m_cachedScript, ScriptRunner::ASYNC_EXECUTION);
m_cachedScript->addClient(this);
} else {
// Inline script: evaluate now. executeScript() applies the Content Security
// Policy inline-script check before anything is evaluated.
TextPosition position = document.isInDocumentWrite() ? TextPosition() : scriptStartPosition;
executeScript(ScriptSourceCode(scriptContent(), document.url(), position));
}
return true;
}
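// Starts loading the external script at |sourceUrl|.
//
// Returns true when a cached script resource was obtained. Returns false when
// the beforeload event cancelled the load, when the element left the document
// or changed documents during that event, or when no resource could be
// requested; in the last case an error event is dispatched asynchronously.
bool ScriptElement::requestScript(const String& sourceUrl)
{
    // beforeload handlers can run script, so keep the document alive and
    // re-validate the element's state once the event has been dispatched.
    Ref<Document> originalDocument(m_element.document());
    if (!m_element.dispatchBeforeLoadEvent(sourceUrl))
        return false;
    if (!m_element.inDocument() || &m_element.document() != originalDocument.ptr())
        return false;

    ASSERT(!m_cachedScript);
    if (!stripLeadingAndTrailingHTMLSpaces(sourceUrl).isEmpty()) {
        // Same precondition executeScript() asserts before it dereferences
        // the policy pointer.
        ASSERT(m_element.document().contentSecurityPolicy());

        // A nonce accepted by the policy makes the loader skip its own CSP
        // check for this request; without one the loader performs the check.
        bool hasKnownNonce = m_element.document().contentSecurityPolicy()->allowScriptWithNonce(m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr), m_element.isInUserAgentShadowTree());
        ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions();
        options.setContentSecurityPolicyImposition(hasKnownNonce ? ContentSecurityPolicyImposition::SkipPolicyCheck : ContentSecurityPolicyImposition::DoPolicyCheck);

        CachedResourceRequest request(ResourceRequest(m_element.document().completeURL(sourceUrl)), options);
        m_element.document().contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(request.mutableResourceRequest(), ContentSecurityPolicy::InsecureRequestType::Load);

        // Any crossorigin attribute value turns on access control for the
        // request; only "use-credentials" allows stored credentials.
        // notifyFinished() enforces the same-origin policy check on the
        // response when m_requestUsesAccessControl is set.
        String crossOriginMode = m_element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr);
        if (!crossOriginMode.isNull()) {
            m_requestUsesAccessControl = true;
            StoredCredentials allowCredentials = equalLettersIgnoringASCIICase(crossOriginMode, "use-credentials") ? AllowStoredCredentials : DoNotAllowStoredCredentials;
            ASSERT(m_element.document().securityOrigin());
            updateRequestForAccessControl(request.mutableResourceRequest(), *m_element.document().securityOrigin(), allowCredentials);
        }

        request.setCharset(scriptCharset());
        request.setInitiator(&element());

        m_cachedScript = m_element.document().cachedResourceLoader().requestScript(request);
        m_isExternalScript = true;
    }

    if (m_cachedScript)
        return true;

    // Report the failure from a later main-thread task. The Ref<Element>
    // capture keeps the element alive until the task has run.
    // NOTE(review): |this| is captured raw; this relies on the ScriptElement
    // living exactly as long as that element - confirm.
    callOnMainThread([this, element = Ref<Element>(m_element)] {
        dispatchErrorEvent();
    });
    return false;
}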
// Evaluates |sourceCode| in the element's frame after the security checks
// below have passed. Empty source is ignored.
//
// Inline scripts must be allowed by the document's Content Security Policy.
// With NOSNIFF enabled, external scripts must additionally have a MIME type
// that the nosniff check accepts.
void ScriptElement::executeScript(const ScriptSourceCode& sourceCode)
{
    ASSERT(m_alreadyStarted);

    if (sourceCode.isEmpty())
        return;

    if (!m_isExternalScript) {
        // NOTE(review): the policy pointer is only ASSERTed, so this relies
        // on every document having a policy object - confirm.
        ASSERT(m_element.document().contentSecurityPolicy());
        const ContentSecurityPolicy& policy = *m_element.document().contentSecurityPolicy();

        // The nonce result is passed into the inline-script check, which
        // makes the final allow/deny decision.
        const bool nonceIsKnown = policy.allowScriptWithNonce(m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr), m_element.isInUserAgentShadowTree());
        const bool inlineScriptAllowed = policy.allowInlineScript(m_element.document().url(), m_startLineNumber, sourceCode.source().toStringWithoutCopying(), nonceIsKnown);
        if (!inlineScriptAllowed)
            return;
    }

#if ENABLE(NOSNIFF)
    // Refuse an external script whose MIME type the nosniff check rejects,
    // and log the refusal to the console.
    if (m_isExternalScript && m_cachedScript && !m_cachedScript->mimeTypeAllowedByNosniff()) {
        m_element.document().addConsoleMessage(MessageSource::Security, MessageLevel::Error,
            "Refused to execute script from '" + m_cachedScript->url().stringCenterEllipsizedToLength() + "' because its MIME type ('" + m_cachedScript->mimeType() + "') is not executable, and strict MIME type checking is enabled.");
        return;
    }
#endif

    // Hold a reference to the document for the duration of the evaluation.
    Ref<Document> protectedDocument(m_element.document());
    Frame* frame = protectedDocument->frame();
    if (!frame)
        return;

    // Scoped bookkeeping around the evaluation: the destructive-write counter
    // is tied to the document only for external scripts, and the element is
    // registered as the current script.
    IgnoreDestructiveWriteCountIncrementer destructiveWriteGuard(m_isExternalScript ? protectedDocument.ptr() : nullptr);
    CurrentScriptIncrementer currentScriptGuard(protectedDocument, m_element);
    frame->script().evaluate(sourceCode);
}
// Abandons a pending script load, if any.
void ScriptElement::stopLoadRequest()
{
    if (!m_cachedScript)
        return;

    // prepareScript() calls addClient() only on the ScriptRunner paths, not
    // for parser-executed scripts, so only those need the matching removal.
    if (!m_willBeParserExecuted)
        m_cachedScript->removeClient(this);
    m_cachedScript = nullptr;
}
// Runs a loaded external script that is not executed by the parser.
//
// A load error fires an error event. A cancelled load does nothing. Otherwise
// the script is executed and a load event is dispatched. In every case this
// element is removed as a client of |cachedScript| afterwards.
void ScriptElement::execute(CachedScript* cachedScript)
{
    ASSERT(!m_willBeParserExecuted);
    ASSERT(cachedScript);

    if (cachedScript->errorOccurred()) {
        dispatchErrorEvent();
    } else {
        const bool loadWasCanceled = cachedScript->wasCanceled();
        if (!loadWasCanceled) {
            executeScript(ScriptSourceCode(cachedScript));
            dispatchLoadEvent();
        }
    }

    cachedScript->removeClient(this);
}
// Cached-resource callback: the script load has finished.
//
// When the request used access control (a crossorigin attribute was present),
// the response must pass the same-origin policy check against the document's
// security origin. On failure an error event is fired, a console error is
// logged, and the function returns before the script runner is notified.
// Otherwise the script runner is told the script is ready.
void ScriptElement::notifyFinished(CachedResource* resource)
{
    ASSERT(!m_willBeParserExecuted);
    ASSERT_UNUSED(resource, resource == m_cachedScript);

    if (!m_cachedScript)
        return;

    // NOTE(review): securityOrigin() is dereferenced without the ASSERT that
    // requestScript() applies to the same pointer.
    if (m_requestUsesAccessControl && !m_cachedScript->passesSameOriginPolicyCheck(*m_element.document().securityOrigin())) {
        dispatchErrorEvent();
        static NeverDestroyed<String> consoleMessage(ASCIILiteral("Cross-origin script load denied by Cross-Origin Resource Sharing policy."));
        m_element.document().addConsoleMessage(MessageSource::JS, MessageLevel::Error, consoleMessage);
        return;
    }

    // Use the same execution mode that prepareScript() queued the script with.
    const auto executionType = m_willExecuteInOrder ? ScriptRunner::IN_ORDER_EXECUTION : ScriptRunner::ASYNC_EXECUTION;
    m_element.document().scriptRunner()->notifyScriptReady(this, executionType);

    m_cachedScript = nullptr;
}
// Returns true when a change to the source attribute must not trigger a load:
// the script already started, is already external, was created by the
// parser, or the element is not in the document.
bool ScriptElement::ignoresLoadRequest() const
{
    if (m_alreadyStarted || m_isExternalScript || m_parserInserted)
        return true;
    return !m_element.inDocument();
}
// Checks the legacy "for"/"event" attribute pair.
//
// When either attribute is absent the script is accepted. When both are
// present, "for" must equal "window" and "event" must equal "onload" or
// "onload()", ignoring ASCII case and surrounding HTML whitespace.
bool ScriptElement::isScriptForEventSupported() const
{
    String eventAttribute = eventAttributeValue();
    String forAttribute = forAttributeValue();

    // The restriction applies only when both attributes are present.
    if (eventAttribute.isNull() || forAttribute.isNull())
        return true;

    forAttribute = stripLeadingAndTrailingHTMLSpaces(forAttribute);
    if (!equalLettersIgnoringASCIICase(forAttribute, "window"))
        return false;

    eventAttribute = stripLeadingAndTrailingHTMLSpaces(eventAttribute);
    return equalLettersIgnoringASCIICase(eventAttribute, "onload")
        || equalLettersIgnoringASCIICase(eventAttribute, "onload()");
}
// Returns the inline script text: the data of every text node that is a
// direct child of the element, concatenated in document order.
String ScriptElement::scriptContent() const
{
    StringBuilder content;
    auto* textNode = TextNodeTraversal::firstChild(m_element);
    while (textNode) {
        content.append(textNode->data());
        textNode = TextNodeTraversal::nextSibling(*textNode);
    }
    return content.toString();
}
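// Returns the ScriptElement interface of |element| when it is an HTML or SVG
// script element, and nullptr otherwise. A null |element| also yields nullptr
// instead of being dereferenced.
ScriptElement* toScriptElementIfPossible(Element* element)
{
    // The type checks below dereference the pointer, so reject null first.
    if (!element)
        return nullptr;

    if (is<HTMLScriptElement>(*element))
        return downcast<HTMLScriptElement>(element);

    if (is<SVGScriptElement>(*element))
        return downcast<SVGScriptElement>(element);

    return nullptr;
}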
}