diff options
Diffstat (limited to 'src/3rdparty/webkit/WebCore/bindings/js/ScriptController.cpp')
-rw-r--r-- | src/3rdparty/webkit/WebCore/bindings/js/ScriptController.cpp | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/3rdparty/webkit/WebCore/bindings/js/ScriptController.cpp b/src/3rdparty/webkit/WebCore/bindings/js/ScriptController.cpp index 3e59df98d8..442205e2f3 100644 --- a/src/3rdparty/webkit/WebCore/bindings/js/ScriptController.cpp +++ b/src/3rdparty/webkit/WebCore/bindings/js/ScriptController.cpp @@ -81,7 +81,15 @@ ScriptController::~ScriptController() ScriptValue ScriptController::evaluate(const ScriptSourceCode& sourceCode) { - if (!m_XSSAuditor->canEvaluate(sourceCode.source())) { + const SourceCode& jsSourceCode = sourceCode.jsSourceCode(); + String sourceURL = jsSourceCode.provider()->url(); + + if (sourceURL.isNull() && !m_XSSAuditor->canEvaluateJavaScriptURL(sourceCode.source())) { + // This JavaScript URL is not safe to be evaluated. + return JSValue(); + } + + if (!sourceURL.isNull() && !m_XSSAuditor->canEvaluate(sourceCode.source())) { // This script is not safe to be evaluated. return JSValue(); } @@ -89,8 +97,6 @@ ScriptValue ScriptController::evaluate(const ScriptSourceCode& sourceCode) // evaluate code. Returns the JS return value or 0 // if there was none, an error occured or the type couldn't be converted. - const SourceCode& jsSourceCode = sourceCode.jsSourceCode(); - initScriptIfNeeded(); // inlineCode is true for <a href="javascript:doSomething()"> // and false for <script>doSomething()</script>. Check if it has the @@ -98,7 +104,6 @@ ScriptValue ScriptController::evaluate(const ScriptSourceCode& sourceCode) // See smart window.open policy for where this is used. ExecState* exec = m_windowShell->window()->globalExec(); const String* savedSourceURL = m_sourceURL; - String sourceURL = jsSourceCode.provider()->url(); m_sourceURL = &sourceURL; JSLock lock(false); |