blob: bb8da962e14b5b87efbbf8222103d0be5149d2bf [file] [log] [blame]
/*
* Copyright (C) 1999 Lars Knoll (knoll@kde.org)
* (C) 1999 Antti Koivisto (koivisto@kde.org)
* (C) 2001 Dirk Mueller (mueller@kde.org)
* Copyright (C) 2003-2017 Apple Inc. All rights reserved.
* Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public License
* along with this library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301, USA.
*/
#include "config.h"
#include "ScriptElement.h"
#include "CachedResourceLoader.h"
#include "CachedResourceRequest.h"
#include "CachedScript.h"
#include "ContentSecurityPolicy.h"
#include "CrossOriginAccessControl.h"
#include "CurrentScriptIncrementer.h"
#include "Event.h"
#include "EventNames.h"
#include "Frame.h"
#include "FrameLoader.h"
#include "HTMLNames.h"
#include "HTMLParserIdioms.h"
#include "IgnoreDestructiveWriteCountIncrementer.h"
#include "InlineClassicScript.h"
#include "LoadableClassicScript.h"
#include "LoadableModuleScript.h"
#include "MIMETypeRegistry.h"
#include "PendingScript.h"
#include "RuntimeApplicationChecks.h"
#include "SVGScriptElement.h"
#include "ScriptController.h"
#include "ScriptDisallowedScope.h"
#include "ScriptRunner.h"
#include "ScriptSourceCode.h"
#include "ScriptableDocumentParser.h"
#include "Settings.h"
#include "TextNodeTraversal.h"
#include <wtf/StdLibExtras.h>
#include <wtf/text/StringBuilder.h>
#include <wtf/text/StringHash.h>
namespace WebCore {
static const auto maxUserGesturePropagationTime = 1_s;
ScriptElement::ScriptElement(Element& element, bool parserInserted, bool alreadyStarted)
: m_element(element)
, m_startLineNumber(WTF::OrdinalNumber::beforeFirst())
, m_parserInserted(parserInserted)
, m_isExternalScript(false)
, m_alreadyStarted(alreadyStarted)
, m_haveFiredLoad(false)
, m_errorOccurred(false)
, m_willBeParserExecuted(false)
, m_readyToBeParserExecuted(false)
, m_willExecuteWhenDocumentFinishedParsing(false)
, m_forceAsync(!parserInserted)
, m_willExecuteInOrder(false)
, m_isModuleScript(false)
, m_creationTime(MonotonicTime::now())
, m_userGestureToken(UserGestureIndicator::currentUserGesture())
{
if (parserInserted && m_element.document().scriptableDocumentParser() && !m_element.document().isInDocumentWrite())
m_startLineNumber = m_element.document().scriptableDocumentParser()->textPosition().m_line;
}
void ScriptElement::didFinishInsertingNode()
{
ASSERT(!m_parserInserted);
prepareScript(); // FIXME: Provide a real starting line number here.
}
void ScriptElement::childrenChanged(const ContainerNode::ChildChange& childChange)
{
if (!m_parserInserted && childChange.isInsertion() && m_element.isConnected())
prepareScript(); // FIXME: Provide a real starting line number here.
}
void ScriptElement::handleSourceAttribute(const String& sourceURL)
{
if (ignoresLoadRequest() || sourceURL.isEmpty())
return;
prepareScript(); // FIXME: Provide a real starting line number here.
}
void ScriptElement::handleAsyncAttribute()
{
m_forceAsync = false;
}
static bool isLegacySupportedJavaScriptLanguage(const String& language)
{
static const auto languages = makeNeverDestroyed(HashSet<String, ASCIICaseInsensitiveHash> {
"javascript",
"javascript1.0",
"javascript1.1",
"javascript1.2",
"javascript1.3",
"javascript1.4",
"javascript1.5",
"javascript1.6",
"javascript1.7",
"livescript",
"ecmascript",
"jscript",
});
return languages.get().contains(language);
}
void ScriptElement::dispatchErrorEvent()
{
m_element.dispatchEvent(Event::create(eventNames().errorEvent, Event::CanBubble::No, Event::IsCancelable::No));
}
Optional<ScriptElement::ScriptType> ScriptElement::determineScriptType(LegacyTypeSupport supportLegacyTypes) const
{
// FIXME: isLegacySupportedJavaScriptLanguage() is not valid HTML5. It is used here to maintain backwards compatibility with existing layout tests. The specific violations are:
// - Allowing type=javascript. type= should only support MIME types, such as text/javascript.
// - Allowing a different set of languages for language= and type=. language= supports Javascript 1.1 and 1.4-1.6, but type= does not.
String type = typeAttributeValue();
String language = languageAttributeValue();
if (type.isEmpty()) {
if (language.isEmpty())
return ScriptType::Classic; // Assume text/javascript.
if (MIMETypeRegistry::isSupportedJavaScriptMIMEType("text/" + language))
return ScriptType::Classic;
if (isLegacySupportedJavaScriptLanguage(language))
return ScriptType::Classic;
return WTF::nullopt;
}
if (MIMETypeRegistry::isSupportedJavaScriptMIMEType(type.stripWhiteSpace()))
return ScriptType::Classic;
if (supportLegacyTypes == AllowLegacyTypeInTypeAttribute && isLegacySupportedJavaScriptLanguage(type))
return ScriptType::Classic;
// FIXME: XHTML spec defines "defer" attribute. But WebKit does not implement it for a long time.
// And module tag also uses defer attribute semantics. We disable script type="module" for non HTML document.
// Once "defer" is implemented, we can reconsider enabling modules in XHTML.
// https://bugs.webkit.org/show_bug.cgi?id=123387
if (!m_element.document().isHTMLDocument())
return WTF::nullopt;
// https://html.spec.whatwg.org/multipage/scripting.html#attr-script-type
// Setting the attribute to an ASCII case-insensitive match for the string "module" means that the script is a module script.
if (equalLettersIgnoringASCIICase(type, "module"))
return ScriptType::Module;
return WTF::nullopt;
}
// http://dev.w3.org/html5/spec/Overview.html#prepare-a-script
bool ScriptElement::prepareScript(const TextPosition& scriptStartPosition, LegacyTypeSupport supportLegacyTypes)
{
if (m_alreadyStarted)
return false;
bool wasParserInserted;
if (m_parserInserted) {
wasParserInserted = true;
m_parserInserted = false;
} else
wasParserInserted = false;
if (wasParserInserted && !hasAsyncAttribute())
m_forceAsync = true;
// FIXME: HTML5 spec says we should check that all children are either comments or empty text nodes.
if (!hasSourceAttribute() && !m_element.firstChild())
return false;
if (!m_element.isConnected())
return false;
ScriptType scriptType = ScriptType::Classic;
if (Optional<ScriptType> result = determineScriptType(supportLegacyTypes))
scriptType = result.value();
else
return false;
m_isModuleScript = scriptType == ScriptType::Module;
if (wasParserInserted) {
m_parserInserted = true;
m_forceAsync = false;
}
m_alreadyStarted = true;
// FIXME: If script is parser inserted, verify it's still in the original document.
Document& document = m_element.document();
// FIXME: Eventually we'd like to evaluate scripts which are inserted into a
// viewless document but this'll do for now.
// See http://bugs.webkit.org/show_bug.cgi?id=5727
if (!document.frame())
return false;
if (scriptType == ScriptType::Classic && hasNoModuleAttribute())
return false;
if (!document.frame()->script().canExecuteScripts(AboutToExecuteScript))
return false;
if (scriptType == ScriptType::Classic && !isScriptForEventSupported())
return false;
// According to the spec, the module tag ignores the "charset" attribute as the same to the worker's
// importScript. But WebKit supports the "charset" for importScript intentionally. So to be consistent,
// even for the module tags, we handle the "charset" attribute.
if (!charsetAttributeValue().isEmpty())
m_characterEncoding = charsetAttributeValue();
else
m_characterEncoding = document.charset();
if (scriptType == ScriptType::Classic) {
if (hasSourceAttribute()) {
if (!requestClassicScript(sourceAttributeValue()))
return false;
}
} else {
ASSERT(scriptType == ScriptType::Module);
if (!requestModuleScript(scriptStartPosition))
return false;
}
// All the inlined module script is handled by requestModuleScript. It produces LoadableModuleScript and inlined module script
// is handled as the same to the external module script.
bool isClassicExternalScript = scriptType == ScriptType::Classic && hasSourceAttribute();
bool isParserInsertedDeferredScript = ((isClassicExternalScript && hasDeferAttribute()) || scriptType == ScriptType::Module)
&& m_parserInserted && !hasAsyncAttribute();
if (isParserInsertedDeferredScript) {
m_willExecuteWhenDocumentFinishedParsing = true;
m_willBeParserExecuted = true;
} else if (isClassicExternalScript && m_parserInserted && !hasAsyncAttribute()) {
ASSERT(scriptType == ScriptType::Classic);
m_willBeParserExecuted = true;
} else if ((isClassicExternalScript || scriptType == ScriptType::Module) && !hasAsyncAttribute() && !m_forceAsync) {
m_willExecuteInOrder = true;
ASSERT(m_loadableScript);
document.scriptRunner().queueScriptForExecution(*this, *m_loadableScript, ScriptRunner::IN_ORDER_EXECUTION);
} else if (hasSourceAttribute() || scriptType == ScriptType::Module) {
ASSERT(m_loadableScript);
ASSERT(hasAsyncAttribute() || m_forceAsync);
document.scriptRunner().queueScriptForExecution(*this, *m_loadableScript, ScriptRunner::ASYNC_EXECUTION);
} else if (!hasSourceAttribute() && m_parserInserted && !document.haveStylesheetsLoaded()) {
ASSERT(scriptType == ScriptType::Classic);
m_willBeParserExecuted = true;
m_readyToBeParserExecuted = true;
} else {
ASSERT(scriptType == ScriptType::Classic);
TextPosition position = document.isInDocumentWrite() ? TextPosition() : scriptStartPosition;
executeClassicScript(ScriptSourceCode(scriptContent(), URL(document.url()), position, JSC::SourceProviderSourceType::Program, InlineClassicScript::create(*this)));
}
return true;
}
bool ScriptElement::requestClassicScript(const String& sourceURL)
{
Ref<Document> originalDocument(m_element.document());
if (!m_element.dispatchBeforeLoadEvent(sourceURL))
return false;
bool didEventListenerDisconnectThisElement = !m_element.isConnected() || &m_element.document() != originalDocument.ptr();
if (didEventListenerDisconnectThisElement)
return false;
ASSERT(!m_loadableScript);
if (!stripLeadingAndTrailingHTMLSpaces(sourceURL).isEmpty()) {
auto script = LoadableClassicScript::create(
m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr),
m_element.document().settings().subresourceIntegrityEnabled() ? m_element.attributeWithoutSynchronization(HTMLNames::integrityAttr).string() : emptyString(),
referrerPolicy(),
m_element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr),
scriptCharset(),
m_element.localName(),
m_element.isInUserAgentShadowTree());
auto scriptURL = m_element.document().completeURL(sourceURL);
m_element.document().willLoadScriptElement(scriptURL);
if (script->load(m_element.document(), scriptURL)) {
m_loadableScript = WTFMove(script);
m_isExternalScript = true;
}
}
if (m_loadableScript)
return true;
callOnMainThread([this, element = Ref<Element>(m_element)] {
dispatchErrorEvent();
});
return false;
}
bool ScriptElement::requestModuleScript(const TextPosition& scriptStartPosition)
{
String nonce = m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr);
String crossOriginMode = m_element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr);
if (crossOriginMode.isNull())
crossOriginMode = "omit"_s;
if (hasSourceAttribute()) {
String sourceURL = sourceAttributeValue();
Ref<Document> originalDocument(m_element.document());
if (!m_element.dispatchBeforeLoadEvent(sourceURL))
return false;
bool didEventListenerDisconnectThisElement = !m_element.isConnected() || &m_element.document() != originalDocument.ptr();
if (didEventListenerDisconnectThisElement)
return false;
if (stripLeadingAndTrailingHTMLSpaces(sourceURL).isEmpty()) {
dispatchErrorEvent();
return false;
}
auto moduleScriptRootURL = m_element.document().completeURL(sourceURL);
if (!moduleScriptRootURL.isValid()) {
dispatchErrorEvent();
return false;
}
m_isExternalScript = true;
auto script = LoadableModuleScript::create(
nonce,
m_element.document().settings().subresourceIntegrityEnabled() ? m_element.attributeWithoutSynchronization(HTMLNames::integrityAttr).string() : emptyString(),
referrerPolicy(),
crossOriginMode,
scriptCharset(),
m_element.localName(),
m_element.isInUserAgentShadowTree());
script->load(m_element.document(), moduleScriptRootURL);
m_loadableScript = WTFMove(script);
return true;
}
auto script = LoadableModuleScript::create(nonce, emptyString(), referrerPolicy(), crossOriginMode, scriptCharset(), m_element.localName(), m_element.isInUserAgentShadowTree());
TextPosition position = m_element.document().isInDocumentWrite() ? TextPosition() : scriptStartPosition;
ScriptSourceCode sourceCode(scriptContent(), URL(m_element.document().url()), position, JSC::SourceProviderSourceType::Module, script.copyRef());
ASSERT(m_element.document().contentSecurityPolicy());
const auto& contentSecurityPolicy = *m_element.document().contentSecurityPolicy();
bool hasKnownNonce = contentSecurityPolicy.allowScriptWithNonce(nonce, m_element.isInUserAgentShadowTree());
if (!contentSecurityPolicy.allowInlineScript(m_element.document().url(), m_startLineNumber, sourceCode.source().toStringWithoutCopying(), hasKnownNonce))
return false;
script->load(m_element.document(), sourceCode);
m_loadableScript = WTFMove(script);
return true;
}
void ScriptElement::executeClassicScript(const ScriptSourceCode& sourceCode)
{
RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(ScriptDisallowedScope::InMainThread::isScriptAllowed() || !isInWebProcess());
ASSERT(m_alreadyStarted);
if (sourceCode.isEmpty())
return;
if (!m_isExternalScript) {
ASSERT(m_element.document().contentSecurityPolicy());
const ContentSecurityPolicy& contentSecurityPolicy = *m_element.document().contentSecurityPolicy();
bool hasKnownNonce = contentSecurityPolicy.allowScriptWithNonce(m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr), m_element.isInUserAgentShadowTree());
if (!contentSecurityPolicy.allowInlineScript(m_element.document().url(), m_startLineNumber, sourceCode.source().toStringWithoutCopying(), hasKnownNonce))
return;
}
auto& document = m_element.document();
auto* frame = document.frame();
if (!frame)
return;
IgnoreDestructiveWriteCountIncrementer ignoreDesctructiveWriteCountIncrementer(m_isExternalScript ? &document : nullptr);
CurrentScriptIncrementer currentScriptIncrementer(document, m_element);
frame->script().evaluateIgnoringException(sourceCode);
}
void ScriptElement::executeModuleScript(LoadableModuleScript& loadableModuleScript)
{
// https://html.spec.whatwg.org/multipage/scripting.html#execute-the-script-block
ASSERT(!loadableModuleScript.error());
auto& document = m_element.document();
auto* frame = document.frame();
if (!frame)
return;
IgnoreDestructiveWriteCountIncrementer ignoreDesctructiveWriteCountIncrementer(&document);
CurrentScriptIncrementer currentScriptIncrementer(document, m_element);
frame->script().linkAndEvaluateModuleScript(loadableModuleScript);
}
void ScriptElement::dispatchLoadEventRespectingUserGestureIndicator()
{
if (MonotonicTime::now() - m_creationTime > maxUserGesturePropagationTime) {
dispatchLoadEvent();
return;
}
UserGestureIndicator indicator(m_userGestureToken);
dispatchLoadEvent();
}
void ScriptElement::executeScriptAndDispatchEvent(LoadableScript& loadableScript)
{
if (Optional<LoadableScript::Error> error = loadableScript.error()) {
if (Optional<LoadableScript::ConsoleMessage> message = error->consoleMessage)
m_element.document().addConsoleMessage(message->source, message->level, message->message);
dispatchErrorEvent();
} else if (!loadableScript.wasCanceled()) {
ASSERT(!loadableScript.error());
loadableScript.execute(*this);
dispatchLoadEventRespectingUserGestureIndicator();
}
}
void ScriptElement::executePendingScript(PendingScript& pendingScript)
{
if (auto* loadableScript = pendingScript.loadableScript())
executeScriptAndDispatchEvent(*loadableScript);
else {
ASSERT(!pendingScript.error());
ASSERT_WITH_MESSAGE(scriptType() == ScriptType::Classic, "Module script always have a loadableScript pointer.");
executeClassicScript(ScriptSourceCode(scriptContent(), URL(m_element.document().url()), pendingScript.startingPosition(), JSC::SourceProviderSourceType::Program, InlineClassicScript::create(*this)));
dispatchLoadEventRespectingUserGestureIndicator();
}
}
bool ScriptElement::ignoresLoadRequest() const
{
return m_alreadyStarted || m_isExternalScript || m_parserInserted || !m_element.isConnected();
}
bool ScriptElement::isScriptForEventSupported() const
{
String eventAttribute = eventAttributeValue();
String forAttribute = forAttributeValue();
if (!eventAttribute.isNull() && !forAttribute.isNull()) {
forAttribute = stripLeadingAndTrailingHTMLSpaces(forAttribute);
if (!equalLettersIgnoringASCIICase(forAttribute, "window"))
return false;
eventAttribute = stripLeadingAndTrailingHTMLSpaces(eventAttribute);
if (!equalLettersIgnoringASCIICase(eventAttribute, "onload") && !equalLettersIgnoringASCIICase(eventAttribute, "onload()"))
return false;
}
return true;
}
String ScriptElement::scriptContent() const
{
return TextNodeTraversal::childTextContent(m_element);
}
void ScriptElement::ref()
{
m_element.ref();
}
void ScriptElement::deref()
{
m_element.deref();
}
bool isScriptElement(Element& element)
{
return is<HTMLScriptElement>(element) || is<SVGScriptElement>(element);
}
ScriptElement& downcastScriptElement(Element& element)
{
if (is<HTMLScriptElement>(element))
return downcast<HTMLScriptElement>(element);
return downcast<SVGScriptElement>(element);
}
}