Allow CefV8Context::Eval to bypass CSP (issue #2024)

2025-06-05 21:39:12 +02:00 · 2016-10-27 12:34:19 -04:00
parent f7a4102978
commit 0e97c527ae
14 changed files with 274 additions and 52 deletions
--- a/libcef/renderer/webkit_glue.h
+++ b/libcef/renderer/webkit_glue.h
@ -11,6 +11,7 @@
 #include <string>

 #include "include/internal/cef_types.h"
+#include "third_party/WebKit/Source/core/fetch/AccessControlStatus.h"
 #include "v8/include/v8.h"

 namespace blink {
@ -52,6 +53,15 @@ v8::MaybeLocal<v8::Value> CallV8Function(v8::Local<v8::Context> context,
                                         v8::Local<v8::Value> args[],
                                         v8::Isolate* isolate);

+v8::MaybeLocal<v8::Value> ExecuteV8ScriptAndReturnValue(
+    const blink::WebString& source,
+    const blink::WebString& source_url,
+    int start_line,
+    v8::Local<v8::Context> context,
+    v8::Isolate* isolate,
+    v8::TryCatch& tryCatch,
+    blink::AccessControlStatus accessControlStatus);
+
 bool IsScriptForbidden();

 }  // webkit_glue