Chromium Code Reviews Chromium Code Reviews
Issue 19596004:
Allow sites to enable 'window.onerror' handlers for cross-domain scripts. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk| Index: Source/core/dom/ScriptLoader.cpp |
| diff --git a/Source/core/dom/ScriptLoader.cpp b/Source/core/dom/ScriptLoader.cpp |
| index e9189835e5afef00793d27bb6ea105529484d582..1dcabc94057854c3b11041bfee1708aad79756b3 100644 |
| --- a/Source/core/dom/ScriptLoader.cpp |
| +++ b/Source/core/dom/ScriptLoader.cpp |
| @@ -335,10 +335,14 @@ void ScriptLoader::executeScript(const ScriptSourceCode& sourceCode) |
| if (isHTMLScriptLoader(m_element)) |
| executingDocument->pushCurrentScript(toHTMLScriptElement(m_element)); |
| + ScriptAccessControlCheckStatus corsCheck = ScriptIsNotSharedCrossOrigin; |
|
abarth-chromium
2013/08/05 22:31:45
corsCheck -> corsStatus
|
| + if (!m_element->fastGetAttribute(HTMLNames::crossoriginAttr).isNull() && sourceCode.cachedScript() && sourceCode.cachedScript()->passesAccessControlCheck(m_element->document()->securityOrigin())) |
|
abarth-chromium
2013/08/05 22:31:45
I'm worried that we're reading m_element's crossor
Mike West
2013/08/06 06:53:07
That makes sense. I'll take another look at this b
Mike West
2013/08/06 07:54:03
Yup. Tests continue to reflect the behavior we wan
|
| + corsCheck = ScriptIsSharedCrossOrigin; |
| + |
| // Create a script from the script element node, using the script |
| // block's source and the script block's type. |
| // Note: This is where the script is compiled and actually executed. |
| - frame->script()->executeScriptInMainWorld(sourceCode); |
| + frame->script()->executeScriptInMainWorld(sourceCode, corsCheck); |
| if (isHTMLScriptLoader(m_element)) { |
| ASSERT(executingDocument->currentScript() == m_element); |
