Index: Source/core/dom/ScriptLoader.cpp |
diff --git a/Source/core/dom/ScriptLoader.cpp b/Source/core/dom/ScriptLoader.cpp |
index e9189835e5afef00793d27bb6ea105529484d582..1dcabc94057854c3b11041bfee1708aad79756b3 100644 |
--- a/Source/core/dom/ScriptLoader.cpp |
+++ b/Source/core/dom/ScriptLoader.cpp |
@@ -335,10 +335,14 @@ void ScriptLoader::executeScript(const ScriptSourceCode& sourceCode) |
if (isHTMLScriptLoader(m_element)) |
executingDocument->pushCurrentScript(toHTMLScriptElement(m_element)); |
+ ScriptAccessControlCheckStatus corsCheck = ScriptIsNotSharedCrossOrigin; |
abarth-chromium
2013/08/05 22:31:45
corsCheck -> corsStatus
|
+ if (!m_element->fastGetAttribute(HTMLNames::crossoriginAttr).isNull() && sourceCode.cachedScript() && sourceCode.cachedScript()->passesAccessControlCheck(m_element->document()->securityOrigin())) |
abarth-chromium
2013/08/05 22:31:45
I'm worried that we're reading m_element's crossor
Mike West
2013/08/06 06:53:07
That makes sense. I'll take another look at this b
Mike West
2013/08/06 07:54:03
Yup. Tests continue to reflect the behavior we wan
|
+ corsCheck = ScriptIsSharedCrossOrigin; |
+ |
// Create a script from the script element node, using the script |
// block's source and the script block's type. |
// Note: This is where the script is compiled and actually executed. |
- frame->script()->executeScriptInMainWorld(sourceCode); |
+ frame->script()->executeScriptInMainWorld(sourceCode, corsCheck); |
if (isHTMLScriptLoader(m_element)) { |
ASSERT(executingDocument->currentScript() == m_element); |