Google Git
Sign in
chromium / chromium / src.git / 7ea093ba47c5a1a1652f7249faf56399dd66876f^! / . / chrome / renderer / render_view.cc
commit7ea093ba47c5a1a1652f7249faf56399dd66876f[log] [tgz]
author[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>Tue Nov 03 05:54:59 2009
committer[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>Tue Nov 03 05:54:59 2009
tree9f6879802dc8445a09aa505b031f396138bb4605
parentfa7b6b547368d12ccd61f6cbf251f2ff0d37b504 [diff] [blame]
Chrome changes to extract the code from V8Proxy that special-cases
when scripts are allowed despite user preferences disabling them.

Adds more accessors and comments to WebSecurityOrigin.

Removes no longer necessary webkit_glue functions.

Removes no longer necessary TemporaryGlue.h file.

R=abarth
BUG=none
TEST=browser features like the new tab page and history view should
still work when passing --disable-javascript to chrome.  similarly,
file and ftp directory listings should remain functional when that
command line flag is specified.

Review URL: http://codereview.chromium.org/351013

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30797 0039d316-1c4b-4281-b951-d872f2087c98

diff --git a/chrome/renderer/render_view.cc b/chrome/renderer/render_view.cc
index ce8a521..a2fea6f1d 100644
--- a/chrome/renderer/render_view.cc
+++ b/chrome/renderer/render_view.cc

@@ -2036,7 +2036,7 @@
   // The rest of RenderView assumes that a WebDataSource will always have a
   // non-null NavigationState.
   NavigationState* state = pending_navigation_state_.get() ?
-      pending_navigation_state_.release() : 
+      pending_navigation_state_.release() :
       NavigationState::CreateContentInitiated();
 
   state->set_user_script_idle_scheduler(
@@ -2444,6 +2444,31 @@
       origin.toString().utf8()));
 }
 
+bool RenderView::allowScript(WebFrame* frame, bool enabled_per_settings) {
+  if (enabled_per_settings)
+    return true;
+
+  WebSecurityOrigin origin = frame->securityOrigin();
+  if (origin.isEmpty())
+    return false;  // Uninitialized document?
+
+  if (EqualsASCII(origin.protocol(), chrome::kChromeUIScheme))
+    return true;  // Browser UI elements should still work.
+
+  // If the scheme is ftp: or file:, an empty file name indicates a directory
+  // listing, which requires JavaScript to function properly.
+  GURL frame_url = frame->url();
+  const char* kDirProtocols[] = { "ftp", "file" };
+  for (size_t i = 0; i < arraysize(kDirProtocols); ++i) {
+    if (EqualsASCII(origin.protocol(), kDirProtocols[i])) {
+      return frame_url.SchemeIs(kDirProtocols[i]) &&
+             frame_url.ExtractFileName().empty();
+    }
+  }
+
+  return false;  // Other protocols fall through here.
+}
+
 void RenderView::didExhaustMemoryAvailableForScript(WebFrame* frame) {
   Send(new ViewHostMsg_JSOutOfMemory(routing_id_));
 }