Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(71)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/dom/ScriptLoader.cpp

Issue 19596004: Allow sites to enable 'window.onerror' handlers for cross-domain scripts. (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Rebase. Created 7 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « Source/core/dom/ScriptExecutionContext.cpp ('k') | Source/core/loader/CrossOriginAccessControl.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2001 Dirk Mueller (mueller@kde.org) 4 * (C) 2001 Dirk Mueller (mueller@kde.org)
5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv ed. 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv ed.
6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> 6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org>
7 * 7 *
8 * This library is free software; you can redistribute it and/or 8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Library General Public 9 * modify it under the terms of the GNU Library General Public
10 * License as published by the Free Software Foundation; either 10 * License as published by the Free Software Foundation; either
(...skipping 317 matching lines...) Expand 10 before | Expand all | Expand 10 after
328 executingDocument->addConsoleMessage(SecurityMessageSource, ErrorMessage Level, "Refused to execute script from '" + m_cachedScript->url().elidedString() + "' because its MIME type ('" + m_cachedScript->mimeType() + "') is not execut able, and strict MIME type checking is enabled."); 328 executingDocument->addConsoleMessage(SecurityMessageSource, ErrorMessage Level, "Refused to execute script from '" + m_cachedScript->url().elidedString() + "' because its MIME type ('" + m_cachedScript->mimeType() + "') is not execut able, and strict MIME type checking is enabled.");
329 return; 329 return;
330 } 330 }
331 331
332 if (frame) { 332 if (frame) {
333 IgnoreDestructiveWriteCountIncrementer ignoreDesctructiveWriteCountIncre menter(m_isExternalScript ? executingDocument.get() : 0); 333 IgnoreDestructiveWriteCountIncrementer ignoreDesctructiveWriteCountIncre menter(m_isExternalScript ? executingDocument.get() : 0);
334 334
335 if (isHTMLScriptLoader(m_element)) 335 if (isHTMLScriptLoader(m_element))
336 executingDocument->pushCurrentScript(toHTMLScriptElement(m_element)) ; 336 executingDocument->pushCurrentScript(toHTMLScriptElement(m_element)) ;
337 337
338 AccessControlStatus corsCheck = NotSharableCrossOrigin;
339 if (sourceCode.cachedScript() && sourceCode.cachedScript()->passesAccess ControlCheck(m_element->document()->securityOrigin()))
340 corsCheck = SharableCrossOrigin;
341
338 // Create a script from the script element node, using the script 342 // Create a script from the script element node, using the script
339 // block's source and the script block's type. 343 // block's source and the script block's type.
340 // Note: This is where the script is compiled and actually executed. 344 // Note: This is where the script is compiled and actually executed.
341 frame->script()->executeScriptInMainWorld(sourceCode); 345 frame->script()->executeScriptInMainWorld(sourceCode, corsCheck);
342 346
343 if (isHTMLScriptLoader(m_element)) { 347 if (isHTMLScriptLoader(m_element)) {
344 ASSERT(executingDocument->currentScript() == m_element); 348 ASSERT(executingDocument->currentScript() == m_element);
345 executingDocument->popCurrentScript(); 349 executingDocument->popCurrentScript();
346 } 350 }
347 } 351 }
348 } 352 }
349 353
350 void ScriptLoader::stopLoadRequest() 354 void ScriptLoader::stopLoadRequest()
351 { 355 {
(...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after
439 if (isHTMLScriptLoader(element)) 443 if (isHTMLScriptLoader(element))
440 return toHTMLScriptElement(element)->loader(); 444 return toHTMLScriptElement(element)->loader();
441 445
442 if (isSVGScriptLoader(element)) 446 if (isSVGScriptLoader(element))
443 return toSVGScriptElement(element)->loader(); 447 return toSVGScriptElement(element)->loader();
444 448
445 return 0; 449 return 0;
446 } 450 }
447 451
448 } 452 }
OLDNEW
« no previous file with comments | « Source/core/dom/ScriptExecutionContext.cpp ('k') | Source/core/loader/CrossOriginAccessControl.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698