Merge r41190.
git-svn-id: http://svn.webkit.org/repository/webkit/branches/Safari-3-2-branch@41281 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index d10fb40..2aaa728 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,25 @@
+2009-02-26 Mark Rowe <mrowe@apple.com>
+
+ Merge r41190.
+
+ 2009-02-24 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Geoffrey Garen.
+
+ Related to <rdar://problem/6590295>
+ Allow disabling javascript: urls.
+
+ * WebCore.base.exp:
+ * html/HTMLAnchorElement.cpp:
+ (WebCore::HTMLAnchorElement::parseMappedAttribute):
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::executeIfJavaScriptURL):
+ * page/Page.cpp:
+ (WebCore::Page::Page):
+ (WebCore::Page::setJavaScriptURLsAreAllowed):
+ (WebCore::Page::javaScriptURLsAreAllowed):
+ * page/Page.h:
+
2009-01-28 Ada Chan <adachan@apple.com>
Merge the rest of r33579.
diff --git a/WebCore/WebCore.base.exp b/WebCore/WebCore.base.exp
index f01cda5..10cf0be 100644
--- a/WebCore/WebCore.base.exp
+++ b/WebCore/WebCore.base.exp
@@ -381,6 +381,7 @@
__ZN7WebCore4Page15backForwardListEv
__ZN7WebCore4Page16setDefersLoadingEb
__ZN7WebCore4Page23clearUndoRedoOperationsEv
+__ZN7WebCore4Page27setJavaScriptURLsAreAllowedEb
__ZN7WebCore4Page37setInLowQualityImageInterpolationModeEb
__ZN7WebCore4Page6goBackEv
__ZN7WebCore4Page8goToItemEPNS_11HistoryItemENS_13FrameLoadTypeE
diff --git a/WebCore/html/HTMLAnchorElement.cpp b/WebCore/html/HTMLAnchorElement.cpp
index 5daf2a0..99d8a78 100644
--- a/WebCore/html/HTMLAnchorElement.cpp
+++ b/WebCore/html/HTMLAnchorElement.cpp
@@ -36,6 +36,7 @@
#include "KeyboardEvent.h"
#include "MouseEvent.h"
#include "MutationEvent.h"
+#include "Page.h"
#include "RenderFlow.h"
#include "RenderImage.h"
#include "ResourceRequest.h"
@@ -271,6 +272,10 @@
m_isLink = !attr->isNull();
if (wasLink != m_isLink)
setChanged();
+ if (m_isLink && document()->page() && !document()->page()->javaScriptURLsAreAllowed() && parseURL(attr->value()).startsWith("javascript:", false)) {
+ m_isLink = false;
+ attr->setValue(nullAtom);
+ }
} else if (attr->name() == nameAttr ||
attr->name() == titleAttr ||
attr->name() == relAttr) {
diff --git a/WebCore/loader/FrameLoader.cpp b/WebCore/loader/FrameLoader.cpp
index d2acf63..3e4d9ac 100644
--- a/WebCore/loader/FrameLoader.cpp
+++ b/WebCore/loader/FrameLoader.cpp
@@ -723,6 +723,9 @@
if (!url.deprecatedString().startsWith("javascript:", false))
return false;
+ if (m_frame->page() && !m_frame->page()->javaScriptURLsAreAllowed())
+ return true;
+
String script = KURL::decode_string(url.deprecatedString().mid(strlen("javascript:")));
JSValue* result = executeScript(script, userGesture);
diff --git a/WebCore/page/Page.cpp b/WebCore/page/Page.cpp
index efae3bf..e69c567 100644
--- a/WebCore/page/Page.cpp
+++ b/WebCore/page/Page.cpp
@@ -83,6 +83,7 @@
, m_tabKeyCyclesThroughElements(true)
, m_defersLoading(false)
, m_inLowQualityInterpolationMode(false)
+ , m_javaScriptURLsAreAllowed(true)
, m_parentInspectorController(0)
, m_didLoadUserStyleSheet(false)
, m_userStyleSheetModificationTime(0)
@@ -360,4 +361,14 @@
return m_userStyleSheet;
}
+void Page::setJavaScriptURLsAreAllowed(bool areAllowed)
+{
+ m_javaScriptURLsAreAllowed = areAllowed;
+}
+
+bool Page::javaScriptURLsAreAllowed() const
+{
+ return m_javaScriptURLsAreAllowed;
+}
+
} // namespace WebCore
diff --git a/WebCore/page/Page.h b/WebCore/page/Page.h
index b685e3f..5d72a7e 100644
--- a/WebCore/page/Page.h
+++ b/WebCore/page/Page.h
@@ -126,6 +126,9 @@
void userStyleSheetLocationChanged();
const String& userStyleSheet() const;
+ void setJavaScriptURLsAreAllowed(bool);
+ bool javaScriptURLsAreAllowed() const;
+
#if PLATFORM(WIN) || (PLATFORM(WX) && PLATFORM(WIN_OS))
// The global DLL or application instance used for all windows.
static void setInstanceHandle(HINSTANCE instanceHandle) { s_instanceHandle = instanceHandle; }
@@ -155,7 +158,9 @@
bool m_defersLoading;
bool m_inLowQualityInterpolationMode;
-
+
+ bool m_javaScriptURLsAreAllowed;
+
InspectorController* m_parentInspectorController;
String m_userStyleSheetPath;
diff --git a/WebKit/mac/ChangeLog b/WebKit/mac/ChangeLog
index cb391fb..b13a65a 100644
--- a/WebKit/mac/ChangeLog
+++ b/WebKit/mac/ChangeLog
@@ -1,3 +1,18 @@
+2009-02-26 Mark Rowe <mrowe@apple.com>
+
+ Merge r41190.
+
+ 2009-02-24 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Geoffrey Garen.
+
+ Related to <rdar://problem/6590295>
+ Allow disabling javascript: urls.
+
+ * WebView/WebView.mm:
+ (-[WebView _setJavaScriptURLsAreAllowed:]):
+ * WebView/WebViewPrivate.h:
+
2008-11-17 Mark Rowe <mrowe@apple.com>
Merge r31925.
diff --git a/WebKit/mac/WebView/WebView.mm b/WebKit/mac/WebView/WebView.mm
index f278fcf..87c1c25 100644
--- a/WebKit/mac/WebView/WebView.mm
+++ b/WebKit/mac/WebView/WebView.mm
@@ -1508,6 +1508,11 @@
return usesTestModeFocusRingColor();
}
+- (void)_setJavaScriptURLsAreAllowed:(BOOL)areAllowed
+{
+ _private->page->setJavaScriptURLsAreAllowed(areAllowed);
+}
+
// This is only used by older versions of Safari and should be removed in a future release.
+ (NSString *)_minimumRequiredSafariBuildNumber
{
diff --git a/WebKit/mac/WebView/WebViewPrivate.h b/WebKit/mac/WebView/WebViewPrivate.h
index c3430b8..58ad518 100644
--- a/WebKit/mac/WebView/WebViewPrivate.h
+++ b/WebKit/mac/WebView/WebViewPrivate.h
@@ -336,6 +336,8 @@
- (BOOL)_inFastImageScalingMode;
- (void)_setUseFastImageScalingMode:(BOOL)flag;
+- (void)_setJavaScriptURLsAreAllowed:(BOOL)setJavaScriptURLsAreAllowed;
+
// SPI for DumpRenderTree
- (void)_executeCoreCommandByName:(NSString *)name value:(NSString *)value;
diff --git a/WebKit/win/ChangeLog b/WebKit/win/ChangeLog
index 001bf4f..51c0053 100644
--- a/WebKit/win/ChangeLog
+++ b/WebKit/win/ChangeLog
@@ -1,3 +1,19 @@
+2009-02-26 Mark Rowe <mrowe@apple.com>
+
+ Merge r41190.
+
+ 2009-02-24 Sam Weinig <sam@webkit.org>
+
+ Reviewed by Geoffrey Garen.
+
+ Related to <rdar://problem/6590295>
+ Allow disabling javascript: urls.
+
+ * Interfaces/IWebViewPrivate.idl:
+ * WebView.cpp:
+ (WebView::setJavaScriptURLsAreAllowed):
+ * WebView.h:
+
2009-01-20 Mark Rowe <mrowe@apple.com>
Merge r33579.
diff --git a/WebKit/win/Interfaces/IWebViewPrivate.idl b/WebKit/win/Interfaces/IWebViewPrivate.idl
index 38abc50..8a2b793 100644
--- a/WebKit/win/Interfaces/IWebViewPrivate.idl
+++ b/WebKit/win/Interfaces/IWebViewPrivate.idl
@@ -147,4 +147,23 @@
HRESULT defersCallbacks([out, retval] BOOL* defersCallbacks);
HRESULT standardUserAgentWithApplicationName([in] BSTR applicationName, [retval][out] BSTR* groupName);
+
+ // The following methods exist to provide vtable layout compatibility with TOT.
+ HRESULT placeholder1();
+ HRESULT placeholder2();
+ HRESULT placeholder3();
+ HRESULT placeholder4();
+ HRESULT placeholder5();
+ HRESULT placeholder6();
+ HRESULT placeholder7();
+ HRESULT placeholder8();
+ HRESULT placeholder9();
+ HRESULT placeholder10();
+ HRESULT placeholder11();
+ HRESULT placeholder12();
+ HRESULT placeholder13();
+ HRESULT placeholder14();
+ HRESULT placeholder15();
+
+ HRESULT setJavaScriptURLsAreAllowed([in] BOOL areAllowed);
}
diff --git a/WebKit/win/WebView.cpp b/WebKit/win/WebView.cpp
index 4d6fd25..7d76076 100644
--- a/WebKit/win/WebView.cpp
+++ b/WebKit/win/WebView.cpp
@@ -4685,6 +4685,12 @@
return S_OK;
}
+HRESULT WebView::setJavaScriptURLsAreAllowed(BOOL areAllowed)
+{
+ m_page->setJavaScriptURLsAreAllowed(areAllowed);
+ return S_OK;
+}
+
class EnumTextMatches : public IEnumTextMatches
{
long m_ref;
diff --git a/WebKit/win/WebView.h b/WebKit/win/WebView.h
index e18dc17..4fe29b4 100644
--- a/WebKit/win/WebView.h
+++ b/WebKit/win/WebView.h
@@ -647,6 +647,26 @@
virtual HRESULT STDMETHODCALLTYPE defersCallbacks(
/* [out, retval] */ BOOL* defersCallbacks);
+ // The following methods exist to provide vtable layout compatibility with TOT.
+ virtual HRESULT STDMETHODCALLTYPE placeholder1() { return E_NOTIMPL; }
+ virtual HRESULT STDMETHODCALLTYPE placeholder2() { return E_NOTIMPL; }
+ virtual HRESULT STDMETHODCALLTYPE placeholder3() { return E_NOTIMPL; }
+ virtual HRESULT STDMETHODCALLTYPE placeholder4() { return E_NOTIMPL; }
+ virtual HRESULT STDMETHODCALLTYPE placeholder5() { return E_NOTIMPL; }
+ virtual HRESULT STDMETHODCALLTYPE placeholder6() { return E_NOTIMPL; }
+ virtual HRESULT STDMETHODCALLTYPE placeholder7() { return E_NOTIMPL; }
+ virtual HRESULT STDMETHODCALLTYPE placeholder8() { return E_NOTIMPL; }
+ virtual HRESULT STDMETHODCALLTYPE placeholder9() { return E_NOTIMPL; }
+ virtual HRESULT STDMETHODCALLTYPE placeholder10() { return E_NOTIMPL; }
+ virtual HRESULT STDMETHODCALLTYPE placeholder11() { return E_NOTIMPL; }
+ virtual HRESULT STDMETHODCALLTYPE placeholder12() { return E_NOTIMPL; }
+ virtual HRESULT STDMETHODCALLTYPE placeholder13() { return E_NOTIMPL; }
+ virtual HRESULT STDMETHODCALLTYPE placeholder14() { return E_NOTIMPL; }
+ virtual HRESULT STDMETHODCALLTYPE placeholder15() { return E_NOTIMPL; }
+
+ virtual HRESULT STDMETHODCALLTYPE setJavaScriptURLsAreAllowed(
+ /* [in] */ BOOL areAllowed);
+
// WebView
WebCore::Page* page();
bool handleMouseEvent(UINT, WPARAM, LPARAM);
