Modified: trunk/LayoutTests/ChangeLog (86836 => 86837)
--- trunk/LayoutTests/ChangeLog 2011-05-19 11:10:45 UTC (rev 86836)
+++ trunk/LayoutTests/ChangeLog 2011-05-19 11:47:02 UTC (rev 86837)
@@ -1,3 +1,13 @@
+2011-05-18 Yury Semikhatsky <[email protected]>
+
+ Reviewed by Pavel Feldman.
+
+ InjectedScriptSource.js - "Don't be eval()."
+ https://bugs.webkit.org/show_bug.cgi?id=60800
+
+ * inspector/console/console-eval-blocked-expected.txt: Added.
+ * inspector/console/console-eval-blocked.html: Added.
+
2011-05-19 Chang Shu <[email protected]>
Reviewed by Csaba Osztrogonác.
Added: trunk/LayoutTests/inspector/console/console-eval-blocked-expected.txt (0 => 86837)
--- trunk/LayoutTests/inspector/console/console-eval-blocked-expected.txt (rev 0)
+++ trunk/LayoutTests/inspector/console/console-eval-blocked-expected.txt 2011-05-19 11:47:02 UTC (rev 86837)
@@ -0,0 +1,5 @@
+Tests that evaluation in console still works even if script evals are prohibited by Content-Security-Policy. Bug 60800.
+
+1+2
+3
+
Property changes on: trunk/LayoutTests/inspector/console/console-eval-blocked-expected.txt
___________________________________________________________________
Added: svn:eol-style
Added: trunk/LayoutTests/inspector/console/console-eval-blocked.html (0 => 86837)
--- trunk/LayoutTests/inspector/console/console-eval-blocked.html (rev 0)
+++ trunk/LayoutTests/inspector/console/console-eval-blocked.html 2011-05-19 11:47:02 UTC (rev 86837)
@@ -0,0 +1,24 @@
+<html>
+<head>
+<script src=""
+<script src=""
+<meta http-equiv="X-WebKit-CSP" content="script-src 'unsafe-inline'">
+<script>
+function test()
+{
+ InspectorTest.evaluateInConsole("1+2", step1);
+ function step1()
+ {
+ InspectorTest.dumpConsoleMessages();
+ InspectorTest.completeTest();
+ }
+}
+</script>
+</head>
+<body _onload_="runTest()">
+<p>
+Tests that evaluation in console still works even if script evals are prohibited by Content-Security-Policy.
+<a href="" 60800.</a>
+</p>
+</body>
+</html>
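Review bot: The test checks only the positive path — `1+2` evaluating to `3` in the console under `script-src 'unsafe-inline'` — and never checks that eval is still blocked for page script once the console evaluation has returned, which is the state the JSC implementation restores by hand in JSInjectedScriptHost::evaluate. A page-side `try { eval("1") } catch (e) { console.log(e.name) }` that runs after the inspector call has finished (scheduled from page script so it does not execute inside the inspector's own evaluation window) and an expected `EvalError` line in the dumped console output would catch a regression where the flag is left enabled. The `<script src=""` lines at the top have lost their attribute values in this rendering, so the harness files actually loaded cannot be verified here.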
Property changes on: trunk/LayoutTests/inspector/console/console-eval-blocked.html
___________________________________________________________________
Added: svn:eol-style
Modified: trunk/Source/_javascript_Core/_javascript_Core.exp (86836 => 86837)
--- trunk/Source/_javascript_Core/_javascript_Core.exp 2011-05-19 11:10:45 UTC (rev 86836)
+++ trunk/Source/_javascript_Core/_javascript_Core.exp 2011-05-19 11:47:02 UTC (rev 86837)
@@ -155,7 +155,6 @@
__ZN3JSC13SamplingFlags7s_flagsE
__ZN3JSC13StatementNode6setLocEii
__ZN3JSC14JSGlobalObject10globalExecEv
-__ZN3JSC14JSGlobalObject11disableEvalEv
__ZN3JSC14JSGlobalObject12defineGetterEPNS_9ExecStateERKNS_10IdentifierEPNS_8JSObjectEj
__ZN3JSC14JSGlobalObject12defineSetterEPNS_9ExecStateERKNS_10IdentifierEPNS_8JSObjectEj
__ZN3JSC14JSGlobalObject13visitChildrenERNS_9MarkStackE
Modified: trunk/Source/_javascript_Core/_javascript_Core.vcproj/_javascript_Core/_javascript_Core.def (86836 => 86837)
--- trunk/Source/_javascript_Core/_javascript_Core.vcproj/_javascript_Core/_javascript_Core.def 2011-05-19 11:10:45 UTC (rev 86836)
+++ trunk/Source/_javascript_Core/_javascript_Core.vcproj/_javascript_Core/_javascript_Core.def 2011-05-19 11:47:02 UTC (rev 86837)
@@ -152,7 +152,6 @@
?detach@Debugger@JSC@@UAEXPAVJSGlobalObject@2@@Z
?detachThread@WTF@@YAXI@Z
?didTimeOut@TimeoutChecker@JSC@@QAE_NPAVExecState@2@@Z
- ?disableEval@JSGlobalObject@JSC@@QAEXXZ
?dtoa@WTF@@YAXQADNAA_NAAHAAI@Z
?dumpSampleData@JSGlobalData@JSC@@QAEXPAVExecState@2@@Z
?empty@StringImpl@WTF@@SAPAV12@XZ
Modified: trunk/Source/_javascript_Core/runtime/Executable.cpp (86836 => 86837)
--- trunk/Source/_javascript_Core/runtime/Executable.cpp 2011-05-19 11:10:45 UTC (rev 86836)
+++ trunk/Source/_javascript_Core/runtime/Executable.cpp 2011-05-19 11:47:02 UTC (rev 86837)
@@ -102,7 +102,7 @@
JSObject* exception = 0;
JSGlobalData* globalData = &exec->globalData();
JSGlobalObject* lexicalGlobalObject = exec->lexicalGlobalObject();
- if (!lexicalGlobalObject->isEvalEnabled())
+ if (!lexicalGlobalObject->evalEnabled())
return throwError(exec, createEvalError(exec, "Eval is disabled"));
RefPtr<EvalNode> evalNode = globalData->parser->parse<EvalNode>(lexicalGlobalObject, lexicalGlobalObject->debugger(), exec, m_source, 0, isStrictMode() ? JSParseStrict : JSParseNormal, &exception);
if (!evalNode) {
Modified: trunk/Source/_javascript_Core/runtime/FunctionConstructor.cpp (86836 => 86837)
--- trunk/Source/_javascript_Core/runtime/FunctionConstructor.cpp 2011-05-19 11:10:45 UTC (rev 86836)
+++ trunk/Source/_javascript_Core/runtime/FunctionConstructor.cpp 2011-05-19 11:47:02 UTC (rev 86837)
@@ -74,7 +74,7 @@
// ECMA 15.3.2 The Function Constructor
JSObject* constructFunction(ExecState* exec, JSGlobalObject* globalObject, const ArgList& args, const Identifier& functionName, const UString& sourceURL, int lineNumber)
{
- if (!globalObject->isEvalEnabled())
+ if (!globalObject->evalEnabled())
return throwError(exec, createEvalError(exec, "Function constructor is disabled"));
return constructFunctionSkippingEvalEnabledCheck(exec, globalObject, args, functionName, sourceURL, lineNumber);
}
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp (86836 => 86837)
--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2011-05-19 11:10:45 UTC (rev 86836)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.cpp 2011-05-19 11:47:02 UTC (rev 86837)
@@ -376,12 +376,6 @@
return true;
}
-void JSGlobalObject::disableEval()
-{
- ASSERT(m_isEvalEnabled);
- m_isEvalEnabled = false;
-}
-
void JSGlobalObject::copyGlobalsFrom(RegisterFile& registerFile)
{
ASSERT(!m_registerArray);
Modified: trunk/Source/_javascript_Core/runtime/JSGlobalObject.h (86836 => 86837)
--- trunk/Source/_javascript_Core/runtime/JSGlobalObject.h 2011-05-19 11:10:45 UTC (rev 86836)
+++ trunk/Source/_javascript_Core/runtime/JSGlobalObject.h 2011-05-19 11:47:02 UTC (rev 86837)
@@ -119,7 +119,7 @@
SymbolTable m_symbolTable;
- bool m_isEvalEnabled;
+ bool m_evalEnabled;
public:
void* operator new(size_t, JSGlobalData*);
@@ -129,7 +129,7 @@
, m_registerArraySize(0)
, m_globalScopeChain()
, m_weakRandom(static_cast<unsigned>(randomNumber() * (std::numeric_limits<unsigned>::max() + 1.0)))
- , m_isEvalEnabled(true)
+ , m_evalEnabled(true)
{
COMPILE_ASSERT(JSGlobalObject::AnonymousSlotCount == 1, JSGlobalObject_has_only_a_single_slot);
putThisToAnonymousValue(0);
@@ -144,7 +144,7 @@
, m_registerArraySize(0)
, m_globalScopeChain()
, m_weakRandom(static_cast<unsigned>(randomNumber() * (std::numeric_limits<unsigned>::max() + 1.0)))
- , m_isEvalEnabled(true)
+ , m_evalEnabled(true)
{
COMPILE_ASSERT(JSGlobalObject::AnonymousSlotCount == 1, JSGlobalObject_has_only_a_single_slot);
putThisToAnonymousValue(0);
@@ -235,8 +235,8 @@
virtual bool isDynamicScope(bool& requiresDynamicChecks) const;
- void disableEval();
- bool isEvalEnabled() { return m_isEvalEnabled; }
+ void setEvalEnabled(bool enabled) { m_evalEnabled = enabled; }
+ bool evalEnabled() { return m_evalEnabled; }
void copyGlobalsFrom(RegisterFile&);
void copyGlobalsTo(RegisterFile&);
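Review bot: `setEvalEnabled(bool)` replaces a one-way latch — `disableEval()` with its `ASSERT(m_isEvalEnabled)`, removed in JSGlobalObject.cpp in this same commit — so a CSP-imposed eval block can now be lifted by any caller holding the global object, and the header says nothing about who is allowed to do that. A comment on the setter would record the contract this commit relies on, e.g. `// Cleared by ScriptController::disableEval() for CSP; the inspector (JSInjectedScriptHost::evaluate) re-enables it only around its own call and restores the previous value.` The getter could also be `bool evalEnabled() const`, since it only reads the flag.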
Modified: trunk/Source/WebCore/ChangeLog (86836 => 86837)
--- trunk/Source/WebCore/ChangeLog 2011-05-19 11:10:45 UTC (rev 86836)
+++ trunk/Source/WebCore/ChangeLog 2011-05-19 11:47:02 UTC (rev 86837)
@@ -1,3 +1,27 @@
+2011-05-18 Yury Semikhatsky <[email protected]>
+
+ Reviewed by Pavel Feldman.
+
+ InjectedScriptSource.js - "Don't be eval()."
+ https://bugs.webkit.org/show_bug.cgi?id=60800
+
+ Thanks to Adam Barth for providing JSC implementation!
+
+ InjectedScriptHost.evaluate is used to perform script evaluations for
+ inspector needs. This method is not affected by CSP and should fix inspector
+ on pages with CSP restrictions.
+
+ Test: inspector/console/console-eval-blocked.html
+
+ * bindings/js/JSInjectedScriptHostCustom.cpp:
+ (WebCore::JSInjectedScriptHost::evaluate):
+ * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
+ (WebCore::V8InjectedScriptHost::evaluateCallback):
+ (WebCore::V8InjectedScriptHost::inspectedNodeCallback):
+ * inspector/InjectedScriptHost.idl:
+ * inspector/InjectedScriptSource.js:
+ (.):
+
2011-05-19 Pavel Feldman <[email protected]>
Reviewed by Yury Semikhatsky.
Modified: trunk/Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp (86836 => 86837)
--- trunk/Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp 2011-05-19 11:10:45 UTC (rev 86836)
+++ trunk/Source/WebCore/bindings/js/JSInjectedScriptHostCustom.cpp 2011-05-19 11:47:02 UTC (rev 86837)
@@ -53,7 +53,9 @@
#include "JSStorage.h"
#endif
#include <runtime/DateInstance.h>
+#include <runtime/Error.h>
#include <runtime/JSArray.h>
+#include <runtime/JSFunction.h>
#include <runtime/JSLock.h>
#include <runtime/RegExpObject.h>
@@ -74,6 +76,28 @@
return ScriptValue(state->globalData(), toJS(state, deprecatedGlobalObjectForPrototype(state), node));
}
+JSValue JSInjectedScriptHost::evaluate(ExecState* exec)
+{
+ JSValue _expression_ = exec->argument(0);
+ if (!_expression_.isString())
+ return throwError(exec, createError(exec, "String argument expected."));
+ JSGlobalObject* globalObject = exec->lexicalGlobalObject();
+ JSFunction* evalFunction = globalObject->evalFunction();
+ CallData callData;
+ CallType callType = evalFunction->getCallData(callData);
+ if (callType == CallTypeNone)
+ return jsUndefined();
+ MarkedArgumentBuffer args;
+ args.append(_expression_);
+
+ bool wasEvalEnabled = globalObject->evalEnabled();
+ globalObject->setEvalEnabled(true);
+ JSValue result = JSC::call(exec, evalFunction, callType, callData, exec->globalThisValue(), args);
+ globalObject->setEvalEnabled(wasEvalEnabled);
+
+ return result;
+}
+
JSValue JSInjectedScriptHost::inspectedNode(ExecState* exec)
{
if (exec->argumentCount() < 1)
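Review bot: The window opened by `globalObject->setEvalEnabled(true)` is not limited to the inspector's string: everything `JSC::call` runs synchronously — including any page-defined function or getter the expression touches — sees eval and the Function constructor enabled while CSP says otherwise, and callers in InjectedScriptSource.js (`_parseObjectId`, `dispatch`, `_callFrameForId`) route frontend-supplied ids and argument lists through here as code. Today the restore on the line after the call is always reached because JSC exceptions do not unwind C++, but that depends on there being exactly one exit path between the two `setEvalEnabled` calls; a small RAII guard keeps the flag correct if an early return is added later and documents why the flag is flipped at all. The `callType == CallTypeNone` branch silently returns `jsUndefined()` for what is the global object's own eval function — an `ASSERT` (or a thrown error) would make a broken global visible rather than making the inspector appear to evaluate to undefined.
```cpp
// Lifts the CSP eval restriction only for the duration of one inspector
// evaluation; page code reached synchronously from the expression also sees
// eval enabled, so the window must be kept as small as possible.
class EvalEnabledScope {
public:
    explicit EvalEnabledScope(JSGlobalObject* globalObject)
        : m_globalObject(globalObject)
        , m_wasEvalEnabled(globalObject->evalEnabled())
    {
        m_globalObject->setEvalEnabled(true);
    }
    ~EvalEnabledScope() { m_globalObject->setEvalEnabled(m_wasEvalEnabled); }
private:
    JSGlobalObject* m_globalObject;
    bool m_wasEvalEnabled;
};

JSValue JSInjectedScriptHost::evaluate(ExecState* exec)
{
    // … unchanged: argument check, evalFunction lookup, MarkedArgumentBuffer …
    EvalEnabledScope evalScope(globalObject);
    return JSC::call(exec, evalFunction, callType, callData, exec->globalThisValue(), args);
}
```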
Modified: trunk/Source/WebCore/bindings/js/ScriptController.cpp (86836 => 86837)
--- trunk/Source/WebCore/bindings/js/ScriptController.cpp 2011-05-19 11:10:45 UTC (rev 86836)
+++ trunk/Source/WebCore/bindings/js/ScriptController.cpp 2011-05-19 11:47:02 UTC (rev 86837)
@@ -240,7 +240,7 @@
void ScriptController::disableEval()
{
- windowShell(mainThreadNormalWorld())->window()->disableEval();
+ windowShell(mainThreadNormalWorld())->window()->setEvalEnabled(false);
}
bool ScriptController::processingUserGesture()
Modified: trunk/Source/WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp (86836 => 86837)
--- trunk/Source/WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp 2011-05-19 11:10:45 UTC (rev 86836)
+++ trunk/Source/WebCore/bindings/v8/custom/V8InjectedScriptHostCustom.cpp 2011-05-19 11:47:02 UTC (rev 86837)
@@ -65,6 +65,20 @@
return ScriptValue(toV8(node));
}
+v8::Handle<v8::Value> V8InjectedScriptHost::evaluateCallback(const v8::Arguments& args)
+{
+ INC_STATS("InjectedScriptHost.evaluate()");
+ if (args.Length() < 1)
+ return v8::ThrowException(v8::Exception::Error(v8::String::New("One argument expected.")));
+
+ v8::Handle<v8::String> _expression_ = args[0]->ToString();
+ if (_expression_.IsEmpty())
+ return v8::ThrowException(v8::Exception::Error(v8::String::New("The argument must be a string.")));
+
+ v8::Handle<v8::Script> script = v8::Script::Compile(_expression_);
+ return script->Run();
+}
+
v8::Handle<v8::Value> V8InjectedScriptHost::inspectedNodeCallback(const v8::Arguments& args)
{
INC_STATS("InjectedScriptHost.inspectedNode()");
@@ -72,7 +86,7 @@
return v8::Undefined();
InjectedScriptHost* host = V8InjectedScriptHost::toNative(args.Holder());
-
+
Node* node = host->inspectedNode(args[0]->ToInt32()->Value());
if (!node)
return v8::Undefined();
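Review bot: `script->Run()` in `evaluateCallback` is reached even when `v8::Script::Compile` returned an empty handle because the expression did not parse, which dereferences an empty handle instead of surfacing the SyntaxError to the injected script; add `if (script.IsEmpty()) return v8::Handle<v8::Value>();` before the `Run()` so the pending exception propagates. The "The argument must be a string." check is weaker than its message suggests: `args[0]->ToString()` coerces any value and only yields an empty handle when the conversion itself throws, so the JSC side's `isString()` check and this one do not enforce the same contract. Unlike the JSC binding nothing here toggles a flag, so a one-line comment stating that compiling the string from C++ is what makes this path independent of the page's CSP eval restriction (presumably the intent, per the ChangeLog) would help the next reader understand why this is not just `eval`.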
Modified: trunk/Source/WebCore/inspector/InjectedScriptHost.idl (86836 => 86837)
--- trunk/Source/WebCore/inspector/InjectedScriptHost.idl 2011-05-19 11:10:45 UTC (rev 86836)
+++ trunk/Source/WebCore/inspector/InjectedScriptHost.idl 2011-05-19 11:47:02 UTC (rev 86837)
@@ -34,6 +34,8 @@
interface [Conditional=INSPECTOR] InjectedScriptHost {
void clearConsoleMessages();
+ [Custom] DOMObject evaluate(in DOMString text);
+
void copyText(in DOMString text);
[Custom] void inspect(in DOMObject objectId, in DOMObject hints);
[Custom] DOMObject inspectedNode(in int num);
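Review bot: `evaluate` is added to the interface without any comment that it is the inspector's escape hatch from a CSP eval block — on the JSC side it temporarily flips JSGlobalObject::setEvalEnabled, on the V8 side it compiles the string from C++ — and that `text` is executed as script, not parsed as data. The JavaScript callers in this commit pass it frontend-supplied object ids, call-frame ids and argument lists wrapped in parentheses, so the declaration should carry something like `// Evaluates text as script in the inspected context even when CSP has disabled eval; only the injected script may call this, and text is executed, never parsed as data.`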
Modified: trunk/Source/WebCore/inspector/InjectedScriptSource.js (86836 => 86837)
--- trunk/Source/WebCore/inspector/InjectedScriptSource.js 2011-05-19 11:10:45 UTC (rev 86836)
+++ trunk/Source/WebCore/inspector/InjectedScriptSource.js 2011-05-19 11:47:02 UTC (rev 86837)
@@ -116,7 +116,7 @@
_parseObjectId: function(objectId)
{
- return eval("(" + objectId + ")");
+ return InjectedScriptHost.evaluate("(" + objectId + ")");
},
releaseObjectGroup: function(objectGroupName)
@@ -131,7 +131,7 @@
dispatch: function(methodName, args)
{
- var argsArray = eval("(" + args + ")");
+ var argsArray = InjectedScriptHost.evaluate("(" + args + ")");
var result = this[methodName].apply(this, argsArray);
if (typeof result === "undefined") {
inspectedWindow.console.error("Web Inspector error: InjectedScript.%s returns undefined", methodName);
@@ -199,12 +199,12 @@
// There is a regression introduced here: eval is now happening against global object,
// not call frame while on a breakpoint.
// TODO: bring evaluation against call frame back.
- var result = inspectedWindow.eval("(" + _expression_ + ")");
+ var result = InjectedScriptHost.evaluate("(" + _expression_ + ")");
// Store the result in the property.
object[propertyName] = result;
} catch(e) {
try {
- var result = inspectedWindow.eval("\"" + _expression_.replace(/"/g, "\\\"") + "\"");
+ var result = InjectedScriptHost.evaluate("\"" + _expression_.replace(/"/g, "\\\"") + "\"");
object[propertyName] = result;
} catch(e) {
return e.toString();
@@ -245,7 +245,7 @@
evaluate: function(_expression_, objectGroup, injectCommandLineAPI)
{
- return this._evaluateAndWrap(inspectedWindow.eval, inspectedWindow, _expression_, objectGroup, false, injectCommandLineAPI);
+ return this._evaluateAndWrap(InjectedScriptHost.evaluate, InjectedScriptHost, _expression_, objectGroup, false, injectCommandLineAPI);
},
evaluateOn: function(objectId, _expression_)
@@ -315,7 +315,7 @@
_callFrameForId: function(topCallFrame, callFrameId)
{
- var parsedCallFrameId = eval("(" + callFrameId + ")");
+ var parsedCallFrameId = InjectedScriptHost.evaluate("(" + callFrameId + ")");
var ordinal = parsedCallFrameId.ordinal;
var callFrame = topCallFrame;
while (--ordinal >= 0 && callFrame)