1 /* 2 * Copyright (C) 1999-2001 Harri Porten (porten (at) kde.org) 3 * Copyright (C) 2001 Peter Kelly (pmk (at) post.com) 4 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, write to the Free Software 18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 19 */ 20 21 #include "config.h" 22 #include "ScriptController.h" 23 24 #include "Frame.h" 25 #include "FrameLoaderClient.h" 26 #include "Page.h" 27 #include "ScriptSourceCode.h" 28 #include "ScriptValue.h" 29 #include "Settings.h" 30 #include "XSSAuditor.h" 31 32 namespace WebCore { 33 34 bool ScriptController::canExecuteScripts() 35 { 36 // FIXME: We should get this information from the document instead of the frame. 37 if (m_frame->loader()->isSandboxed(SandboxScripts)) 38 return false; 39 40 Settings* settings = m_frame->settings(); 41 return m_frame->loader()->client()->allowJavaScript(settings && settings->isJavaScriptEnabled()); 42 } 43 44 ScriptValue ScriptController::executeScript(const String& script, bool forceUserGesture) 45 { 46 return executeScript(ScriptSourceCode(script, forceUserGesture ? KURL() : m_frame->loader()->url())); 47 } 48 49 ScriptValue ScriptController::executeScript(const ScriptSourceCode& sourceCode) 50 { 51 if (!canExecuteScripts() || isPaused()) 52 return ScriptValue(); 53 54 bool wasInExecuteScript = m_inExecuteScript; 55 m_inExecuteScript = true; 56 57 ScriptValue result = evaluate(sourceCode); 58 59 if (!wasInExecuteScript) { 60 m_inExecuteScript = false; 61 Document::updateStyleForAllDocuments(); 62 } 63 64 return result; 65 } 66 67 68 bool ScriptController::executeIfJavaScriptURL(const KURL& url, bool userGesture, bool replaceDocument) 69 { 70 if (!protocolIsJavaScript(url)) 71 return false; 72 73 if (m_frame->page() && !m_frame->page()->javaScriptURLsAreAllowed()) 74 return true; 75 76 if (m_frame->inViewSourceMode()) 77 return true; 78 79 const int javascriptSchemeLength = sizeof("javascript:") - 1; 80 81 String script = decodeURLEscapeSequences(url.string().substring(javascriptSchemeLength)); 82 ScriptValue result; 83 if (xssAuditor()->canEvaluateJavaScriptURL(script)) 84 result = executeScript(script, userGesture); 85 86 String scriptResult; 87 #if USE(JSC) 88 JSDOMWindowShell* shell = windowShell(mainThreadNormalWorld()); 89 JSC::ExecState* exec = shell->window()->globalExec(); 90 if (!result.getString(exec, scriptResult)) 91 return true; 92 #else 93 if (!result.getString(scriptResult)) 94 return true; 95 #endif 96 97 // FIXME: We should always replace the document, but doing so 98 // synchronously can cause crashes: 99 // http://bugs.webkit.org/show_bug.cgi?id=16782 100 if (replaceDocument) 101 m_frame->loader()->replaceDocument(scriptResult); 102 103 return true; 104 } 105 106 } // namespace WebCore 107