1 /*
2 * Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
3 * Copyright (C) 2001 Peter Kelly (pmk@post.com)
4 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include "config.h"
22 #include "ScriptController.h"
23
24 #include "ContentSecurityPolicy.h"
25 #include "Document.h"
26 #include "DocumentLoader.h"
27 #include "Frame.h"
28 #include "FrameLoaderClient.h"
29 #include "Page.h"
30 #include "ScriptSourceCode.h"
31 #include "ScriptValue.h"
32 #include "Settings.h"
33
34 namespace WebCore {
35
canExecuteScripts(ReasonForCallingCanExecuteScripts reason)36 bool ScriptController::canExecuteScripts(ReasonForCallingCanExecuteScripts reason)
37 {
38 // FIXME: We should get this information from the document instead of the frame.
39 if (m_frame->loader()->isSandboxed(SandboxScripts))
40 return false;
41
42 Settings* settings = m_frame->settings();
43 const bool allowed = m_frame->loader()->client()->allowJavaScript(settings && settings->isJavaScriptEnabled());
44 if (!allowed && reason == AboutToExecuteScript)
45 m_frame->loader()->client()->didNotAllowScript();
46 return allowed;
47 }
48
executeScript(const String & script,bool forceUserGesture)49 ScriptValue ScriptController::executeScript(const String& script, bool forceUserGesture)
50 {
51 return executeScript(ScriptSourceCode(script, forceUserGesture ? KURL() : m_frame->document()->url()));
52 }
53
executeScript(const ScriptSourceCode & sourceCode)54 ScriptValue ScriptController::executeScript(const ScriptSourceCode& sourceCode)
55 {
56 if (!canExecuteScripts(AboutToExecuteScript) || isPaused())
57 return ScriptValue();
58
59 bool wasInExecuteScript = m_inExecuteScript;
60 m_inExecuteScript = true;
61
62 RefPtr<Frame> protect(m_frame); // Script execution can destroy the frame, and thus the ScriptController.
63
64 ScriptValue result = evaluate(sourceCode);
65
66 if (!wasInExecuteScript) {
67 m_inExecuteScript = false;
68 Document::updateStyleForAllDocuments();
69 }
70
71 return result;
72 }
73
executeIfJavaScriptURL(const KURL & url,ShouldReplaceDocumentIfJavaScriptURL shouldReplaceDocumentIfJavaScriptURL)74 bool ScriptController::executeIfJavaScriptURL(const KURL& url, ShouldReplaceDocumentIfJavaScriptURL shouldReplaceDocumentIfJavaScriptURL)
75 {
76 if (!protocolIsJavaScript(url))
77 return false;
78
79 if (!m_frame->page()
80 || !m_frame->page()->javaScriptURLsAreAllowed()
81 || !m_frame->document()->contentSecurityPolicy()->allowJavaScriptURLs()
82 || m_frame->inViewSourceMode())
83 return true;
84
85 // We need to hold onto the Frame here because executing script can
86 // destroy the frame.
87 RefPtr<Frame> protector(m_frame);
88
89 const int javascriptSchemeLength = sizeof("javascript:") - 1;
90
91 String decodedURL = decodeURLEscapeSequences(url.string());
92 ScriptValue result = executeScript(decodedURL.substring(javascriptSchemeLength), false);
93
94 // If executing script caused this frame to be removed from the page, we
95 // don't want to try to replace its document!
96 if (!m_frame->page())
97 return true;
98
99 String scriptResult;
100 #if USE(JSC)
101 JSDOMWindowShell* shell = windowShell(mainThreadNormalWorld());
102 JSC::ExecState* exec = shell->window()->globalExec();
103 if (!result.getString(exec, scriptResult))
104 return true;
105 #else
106 if (!result.getString(scriptResult))
107 return true;
108 #endif
109
110 // FIXME: We should always replace the document, but doing so
111 // synchronously can cause crashes:
112 // http://bugs.webkit.org/show_bug.cgi?id=16782
113 if (shouldReplaceDocumentIfJavaScriptURL == ReplaceDocumentIfJavaScriptURL)
114 m_frame->document()->loader()->writer()->replaceDocument(scriptResult);
115
116 return true;
117 }
118
119 } // namespace WebCore
120