bcarrella/cef
1
0
Fork 0
mirror of https://bitbucket.org/chromiumembedded/cef synced 2025-06-05 21:39:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow CefV8Context::Eval to bypass CSP (issue #2024)

Browse Source
This commit is contained in:
Marshall Greenblatt
2016-10-27 12:34:19 -04:00
parent f7a4102978
commit 0e97c527ae
14 changed files with 274 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
libcef/renderer/webkit_glue.cc
View File

@ -25,12 +25,14 @@ MSVC_PUSH_WARNING_LEVEL(0);
#include "third_party/WebKit/public/web/WebViewClient.h"
#include "third_party/WebKit/Source/bindings/core/v8/ScriptController.h"
#include "third_party/WebKit/Source/bindings/core/v8/ScriptSourceCode.h"
#include "third_party/WebKit/Source/bindings/core/v8/V8Binding.h"
#include "third_party/WebKit/Source/core/dom/Document.h"
#include "third_party/WebKit/Source/core/dom/Element.h"
#include "third_party/WebKit/Source/core/dom/Node.h"
#include "third_party/WebKit/Source/core/editing/serializers/Serialization.h"
#include "third_party/WebKit/Source/core/frame/LocalFrame.h"
#include "third_party/WebKit/Source/core/frame/Settings.h"
#include "third_party/WebKit/Source/web/WebLocalFrameImpl.h"
#include "third_party/WebKit/Source/web/WebViewImpl.h"
MSVC_POP_WARNING();
@ -184,6 +186,51 @@ v8::MaybeLocal<v8::Value> CallV8Function(v8::Local<v8::Context> context,
return func_rv;
}
v8::MaybeLocal<v8::Value> ExecuteV8ScriptAndReturnValue(
const blink::WebString& source,
const blink::WebString& source_url,
int start_line,
v8::Local<v8::Context> context,
v8::Isolate* isolate,
v8::TryCatch& tryCatch,
blink::AccessControlStatus accessControlStatus) {
// Based on ScriptController::executeScriptAndReturnValue
DCHECK(isolate);
if (start_line < 1)
start_line = 1;
const blink::KURL kurl = source_url.isEmpty() ?
blink::KURL() : blink::KURL(blink::ParsedURLString, source_url);
const blink::ScriptSourceCode ssc = blink::ScriptSourceCode(source, kurl,
WTF::TextPosition(WTF::OrdinalNumber::fromOneBasedInt(start_line),
WTF::OrdinalNumber::fromZeroBasedInt(0)));
v8::MaybeLocal<v8::Value> result;
blink::LocalFrame* frame =
toLocalFrame(blink::toFrameIfNotDetached(context));
DCHECK(frame);
if (frame) {
blink::V8CacheOptions v8CacheOptions(blink::V8CacheOptionsDefault);
if (frame && frame->settings())
v8CacheOptions = frame->settings()->v8CacheOptions();
v8::Local<v8::Script> script;
if (!blink::v8Call(blink::V8ScriptRunner::compileScript(ssc, isolate,
accessControlStatus, v8CacheOptions), script, tryCatch)) {
return result;
}
result = blink::V8ScriptRunner::runCompiledScript(isolate, script,
blink::toExecutionContext(context));
}
return result;
}
bool IsScriptForbidden() {
return blink::ScriptForbiddenScope::isScriptForbidden();
}