2 * Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
3 * Copyright (C) 2001 Peter Kelly (pmk@post.com)
4 * Copyright (C) 2006, 2007, 2008 Apple Inc. All rights reserved.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 #include "ScriptController.h"
24 #include "ContentSecurityPolicy.h"
26 #include "DocumentLoader.h"
28 #include "FrameLoaderClient.h"
30 #include "ScriptSourceCode.h"
31 #include "ScriptValue.h"
32 #include "SecurityOrigin.h"
34 #include "UserGestureIndicator.h"
35 #include <wtf/text/TextPosition.h>
// Decides whether script may run in this frame.
// This listing drops some source lines (the gutter numbers skip), so the
// braces and return statements of this function are not visible; the notes
// below describe only the checks that are shown.
//
// Checks, in the order they appear:
//   1. the document is sandboxed with the SandboxScripts flag,
//   2. the document is a view-source document,
//   3. the embedder's allowScript() answer, seeded with the isScriptEnabled() setting.
// NOTE(review): presumably checks 1 and 2 each return false and the function
// returns `allowed` -- confirm against the complete file.
39 bool ScriptController::canExecuteScripts(ReasonForCallingCanExecuteScripts reason)
// document() is null-checked before use here and on the view-source check below.
41 if (m_frame->document() && m_frame->document()->isSandboxed(SandboxScripts))
44 if (m_frame->document() && m_frame->document()->isViewSource()) {
// A view-source document is expected to carry a unique security origin.
// This is an ASSERT, not a runtime branch: it states the expectation rather
// than enforcing it in builds where ASSERT is compiled out.
45 ASSERT(m_frame->document()->securityOrigin()->isUnique());
// settings may be null; in that case `false` is what gets passed to the client.
49 Settings* settings = m_frame->settings();
// The client has the final say: it receives the settings-derived value and its
// return value is what ends up in `allowed`.
50 const bool allowed = m_frame->loader()->client()->allowScript(settings && settings->isScriptEnabled());
// The client is told about a refusal only when the caller is actually about to
// run script; for any other `reason` the refusal is silent.
51 if (!allowed && reason == AboutToExecuteScript)
52 m_frame->loader()->client()->didNotAllowScript();
// Convenience overload: wraps a script string in a ScriptSourceCode attributed
// to the current document's URL and hands it to the ScriptSourceCode overload.
//
// forceUserGesture == true selects DefinitelyProcessingUserGesture for
// gestureIndicator; otherwise PossiblyProcessingUserGesture is used.
// NOTE(review): passing true vouches for the script as user-initiated, so call
// sites should do it only for input that really came from the user -- verify.
// NOTE(review): m_frame->document() is dereferenced here without the null
// check that canExecuteScripts() performs -- confirm callers guarantee a document.
56 ScriptValue ScriptController::executeScript(const String& script, bool forceUserGesture)
// gestureIndicator is a local, so presumably the gesture state it sets is
// restored when this function returns -- confirm in UserGestureIndicator.
58 UserGestureIndicator gestureIndicator(forceUserGesture ? DefinitelyProcessingUserGesture : PossiblyProcessingUserGesture);
59 return executeScript(ScriptSourceCode(script, m_frame->document()->url()));
// Evaluates sourceCode, but only if script is currently permitted for this
// frame and the controller is not paused.
// The early-exit statement under the `if` is missing from this listing;
// presumably it returns an empty ScriptValue -- confirm against the full file.
62 ScriptValue ScriptController::executeScript(const ScriptSourceCode& sourceCode)
// AboutToExecuteScript is the reason value that makes canExecuteScripts()
// notify the client when the script is refused.
64 if (!canExecuteScripts(AboutToExecuteScript) || isPaused())
// Lifetime guard: `protect` must stay in scope until evaluate() has returned,
// because `this` is owned (indirectly) by the frame being kept alive.
67 RefPtr<Frame> protect(m_frame); // Script execution can destroy the frame, and thus the ScriptController.
69 return evaluate(sourceCode);
// Runs `url` as script when it is a javascript: URL and policy permits it, and,
// if requested, replaces the frame's document with the script's string result.
//
// This listing drops several source lines (the gutter numbers skip), so the
// braces, the return statements and the first operand of the policy condition
// are not visible. The notes below describe only what is shown.
72 bool ScriptController::executeIfJavaScriptURL(const KURL& url, ShouldReplaceDocumentIfJavaScriptURL shouldReplaceDocumentIfJavaScriptURL)
// Anything that is not a javascript: URL is not handled by this function.
// NOTE(review): presumably returns false so the caller continues with a
// normal load -- confirm.
74 if (!protocolIsJavaScript(url))
// Policy gates, joined with ||. Visible operands: the page-level
// javaScriptURLsAreAllowed() switch, the document's Content Security Policy
// (given the document URL and the event handler's line), and view-source mode.
// NOTE(review): presumably any one of them being true refuses execution; the
// statement under this condition is not in the listing.
78 || !m_frame->page()->javaScriptURLsAreAllowed()
79 || !m_frame->document()->contentSecurityPolicy()->allowJavaScriptURLs(m_frame->document()->url(), eventHandlerPosition().m_line)
80 || m_frame->inViewSourceMode())
83 // We need to hold onto the Frame here because executing script can
// destroy the frame (the continuation of the sentence above is missing from
// this listing; executeScript() carries the same guard for the same reason).
85 RefPtr<Frame> protector(m_frame);
// Captured before the script runs: this is the document passed to
// replaceDocument() below, even if m_frame->document() has changed by then.
86 RefPtr<Document> ownerDocument(m_frame->document());
// Length of the scheme prefix without the terminating NUL (11 characters).
88 const int javascriptSchemeLength = sizeof("javascript:") - 1;
// The whole URL is percent-decoded first and the scheme prefix is then cut off
// by fixed length; what remains is executed as script.
// NOTE(review): the scheme test above ran on the undecoded URL while the slice
// is taken from the decoded string -- confirm the prefix is always exactly
// javascriptSchemeLength characters after decoding.
90 String decodedURL = decodeURLEscapeSequences(url.string());
91 ScriptValue result = executeScript(decodedURL.substring(javascriptSchemeLength));
93 // If executing script caused this frame to be removed from the page, we
94 // don't want to try to replace its document!
// (The check that goes with the comment above is on a line missing from this listing.)
// Two getString() call shapes follow, with and without an ExecState.
// NOTE(review): presumably these are alternatives under a preprocessor
// conditional whose directives are not in the listing, and a non-string
// result ends the function without replacing the document -- confirm.
100 JSDOMWindowShell* shell = windowShell(mainThreadNormalWorld());
101 JSC::ExecState* exec = shell->window()->globalExec();
102 if (!result.getString(exec, scriptResult))
105 if (!result.getString(scriptResult))
109 // FIXME: We should always replace the document, but doing so
110 // synchronously can cause crashes:
111 // http://bugs.webkit.org/show_bug.cgi?id=16782
112 if (shouldReplaceDocumentIfJavaScriptURL == ReplaceDocumentIfJavaScriptURL) {
113 // We're still in a frame, so there should be a DocumentLoader.
// The ASSERT states the expectation; the null test in the `if` below is what
// actually guards the dereference.
114 ASSERT(m_frame->document()->loader());
116 // DocumentWriter::replaceDocument can cause the DocumentLoader to get deref'ed and possibly destroyed,
117 // so protect it with a RefPtr.
118 if (RefPtr<DocumentLoader> loader = m_frame->document()->loader())
// scriptResult (the string the script evaluated to) becomes the new document
// content; ownerDocument is the pre-execution document captured above.
// NOTE(review): presumably ownerDocument is passed so the replacement is
// attributed to the document that issued the URL -- confirm in DocumentWriter.
119 loader->writer()->replaceDocument(scriptResult, ownerDocument.get());
124 } // namespace WebCore