Diffstat (limited to 'src/3rdparty/webkit/WebCore/bindings/js/ScriptController.cpp')
-rw-r--r--src/3rdparty/webkit/WebCore/bindings/js/ScriptController.cpp13
1 files changed, 9 insertions, 4 deletions
diff --git a/src/3rdparty/webkit/WebCore/bindings/js/ScriptController.cpp b/src/3rdparty/webkit/WebCore/bindings/js/ScriptController.cpp
index 3e59df98d8..442205e2f3 100644
--- a/src/3rdparty/webkit/WebCore/bindings/js/ScriptController.cpp
+++ b/src/3rdparty/webkit/WebCore/bindings/js/ScriptController.cpp
@@ -81,7 +81,15 @@ ScriptController::~ScriptController()
ScriptValue ScriptController::evaluate(const ScriptSourceCode& sourceCode)
{
- if (!m_XSSAuditor->canEvaluate(sourceCode.source())) {
+ const SourceCode& jsSourceCode = sourceCode.jsSourceCode();
+ String sourceURL = jsSourceCode.provider()->url();
+
+ if (sourceURL.isNull() && !m_XSSAuditor->canEvaluateJavaScriptURL(sourceCode.source())) {
+ // This JavaScript URL is not safe to be evaluated.
+ return JSValue();
+ }
+
+ if (!sourceURL.isNull() && !m_XSSAuditor->canEvaluate(sourceCode.source())) {
// This script is not safe to be evaluated.
return JSValue();
}
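Review bot: The choice between `canEvaluateJavaScriptURL` and `canEvaluate` at the top of `evaluate()` hinges on `sourceURL.isNull()`, but nothing in the hunk says why a null provider URL means the source came from a javascript: URL. Because this decides which XSS auditor check a script receives, the convention should be stated where it is used, e.g. `// A null source URL marks javascript: URL evaluation (assumed; confirm against callers).`. An empty but non-null URL presumably falls through to `canEvaluate`, which is worth confirming as intended. The two `if` statements could also be folded so that exactly one check visibly always runs: `const bool allowed = sourceURL.isNull() ? m_XSSAuditor->canEvaluateJavaScriptURL(sourceCode.source()) : m_XSSAuditor->canEvaluate(sourceCode.source());` followed by `if (!allowed) return JSValue();`. The body of `evaluate()` continues past this hunk.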
@@ -89,8 +97,6 @@ ScriptValue ScriptController::evaluate(const ScriptSourceCode& sourceCode)
// evaluate code. Returns the JS return value or 0
// if there was none, an error occured or the type couldn't be converted.
- const SourceCode& jsSourceCode = sourceCode.jsSourceCode();
-
initScriptIfNeeded();
// inlineCode is true for <a href="javascript:doSomething()">
// and false for <script>doSomething()</script>. Check if it has the
@@ -98,7 +104,6 @@ ScriptValue ScriptController::evaluate(const ScriptSourceCode& sourceCode)
// See smart window.open policy for where this is used.
ExecState* exec = m_windowShell->window()->globalExec();
const String* savedSourceURL = m_sourceURL;
- String sourceURL = jsSourceCode.provider()->url();
m_sourceURL = &sourceURL;
JSLock lock(false);