Home | History | Annotate | Download | only in v8 
      1 /*
      2  * Copyright (C) 2009 Google Inc. All rights reserved.
      3  *
      4  * Redistribution and use in source and binary forms, with or without
      5  * modification, are permitted provided that the following conditions are
      6  * met:
      7  *
      8  *     * Redistributions of source code must retain the above copyright
      9  * notice, this list of conditions and the following disclaimer.
     10  *     * Redistributions in binary form must reproduce the above
     11  * copyright notice, this list of conditions and the following disclaimer
     12  * in the documentation and/or other materials provided with the
     13  * distribution.
     14  *     * Neither the name of Google Inc. nor the names of its
     15  * contributors may be used to endorse or promote products derived from
     16  * this software without specific prior written permission.
     17  *
     18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     22  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     23  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     24  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     28  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     29  */
     30 
     31 #include "config.h"
     32 #include "ScriptEventListener.h"
     33 
     34 #include "Attribute.h"
     35 #include "Document.h"
     36 #include "EventListener.h"
     37 #include "Frame.h"
     38 #include "ScriptScope.h"
     39 #include "Tokenizer.h"
     40 #include "V8AbstractEventListener.h"
     41 #include "V8Binding.h"
     42 #include "XSSAuditor.h"
     43 
     44 namespace WebCore {
     45 
     46 PassRefPtr<V8LazyEventListener> createAttributeEventListener(Node* node, Attribute* attr)
     47 {
     48     ASSERT(node);
     49     ASSERT(attr);
     50     if (attr->isNull())
     51         return 0;
     52 
     53     int lineNumber = 1;
     54     int columnNumber = 0;
     55     String sourceURL;
     56 
     57     if (Frame* frame = node->document()->frame()) {
     58         ScriptController* scriptController = frame->script();
     59         if (!scriptController->canExecuteScripts())
     60             return 0;
     61 
     62         if (!scriptController->xssAuditor()->canCreateInlineEventListener(attr->localName().string(), attr->value())) {
     63             // This script is not safe to execute.
     64             return 0;
     65         }
     66 
     67         if (frame->document()->tokenizer()) {
     68             // FIXME: Change to use script->eventHandlerLineNumber() when implemented.
     69             lineNumber = frame->document()->tokenizer()->lineNumber();
     70             columnNumber = frame->document()->tokenizer()->columnNumber();
     71         }
     72         sourceURL = node->document()->url().string();
     73     }
     74 
     75     return V8LazyEventListener::create(attr->localName().string(), node->isSVGElement(), attr->value(), sourceURL, lineNumber, columnNumber, WorldContextHandle(UseMainWorld));
     76 }
     77 
     78 PassRefPtr<V8LazyEventListener> createAttributeEventListener(Frame* frame, Attribute* attr)
     79 {
     80     if (!frame)
     81         return 0;
     82 
     83     ASSERT(attr);
     84     if (attr->isNull())
     85         return 0;
     86 
     87     int lineNumber = 1;
     88     int columnNumber = 0;
     89     String sourceURL;
     90 
     91     ScriptController* scriptController = frame->script();
     92     if (!scriptController->canExecuteScripts())
     93         return 0;
     94 
     95     if (!scriptController->xssAuditor()->canCreateInlineEventListener(attr->localName().string(), attr->value())) {
     96         // This script is not safe to execute.
     97         return 0;
     98     }
     99 
    100     if (frame->document()->tokenizer()) {
    101         // FIXME: Change to use script->eventHandlerLineNumber() when implemented.
    102         lineNumber = frame->document()->tokenizer()->lineNumber();
    103         columnNumber = frame->document()->tokenizer()->columnNumber();
    104     }
    105     sourceURL = frame->document()->url().string();
    106     return V8LazyEventListener::create(attr->localName().string(), frame->document()->isSVGDocument(), attr->value(), sourceURL, lineNumber, columnNumber, WorldContextHandle(UseMainWorld));
    107 }
    108 
    109 String getEventListenerHandlerBody(ScriptExecutionContext* context, ScriptState* scriptState, EventListener* listener)
    110 {
    111     if (listener->type() != EventListener::JSEventListenerType)
    112         return "";
    113 
    114     ScriptScope scope(scriptState);
    115     V8AbstractEventListener* v8Listener = static_cast<V8AbstractEventListener*>(listener);
    116     v8::Handle<v8::Object> function = v8Listener->getListenerObject(context);
    117     if (function.IsEmpty())
    118         return "";
    119 
    120     return toWebCoreStringWithNullCheck(function);
    121 }
    122 
    123 } // namespace WebCore
    124