diff --git a/Userland/Libraries/LibWeb/DOM/Document.h b/Userland/Libraries/LibWeb/DOM/Document.h index 341781f95f..7b1ca335c7 100644 --- a/Userland/Libraries/LibWeb/DOM/Document.h +++ b/Userland/Libraries/LibWeb/DOM/Document.h @@ -243,6 +243,7 @@ public: void removed_last_ref(); HTML::Window& window() { return *m_window; } + HTML::Window const& window() const { return *m_window; } ExceptionOr write(Vector const& strings); ExceptionOr writeln(Vector const& strings); diff --git a/Userland/Libraries/LibWeb/DOM/Node.cpp b/Userland/Libraries/LibWeb/DOM/Node.cpp index 96af914100..ad6773e4e3 100644 --- a/Userland/Libraries/LibWeb/DOM/Node.cpp +++ b/Userland/Libraries/LibWeb/DOM/Node.cpp @@ -847,8 +847,7 @@ void Node::serialize_tree_as_json(JsonObjectSerializer& object) c bool Node::is_scripting_enabled() const { // Scripting is enabled for a node node if node's node document's browsing context is non-null, and scripting is enabled for node's relevant settings object. - // FIXME: Check if scripting is enabled for the ESO. - return document().browsing_context(); + return document().browsing_context() && const_cast(document()).relevant_settings_object().is_scripting_enabled(); } // https://html.spec.whatwg.org/multipage/webappapis.html#concept-n-noscript diff --git a/Userland/Libraries/LibWeb/HTML/Scripting/ClassicScript.cpp b/Userland/Libraries/LibWeb/HTML/Scripting/ClassicScript.cpp index 7ce620f371..7b85e2c752 100644 --- a/Userland/Libraries/LibWeb/HTML/Scripting/ClassicScript.cpp +++ b/Userland/Libraries/LibWeb/HTML/Scripting/ClassicScript.cpp @@ -24,7 +24,9 @@ NonnullRefPtr ClassicScript::create(String filename, StringView s if (muted_errors == MutedErrors::Yes) base_url = "about:blank"; - // FIXME: 3. If scripting is disabled for settings, then set source to the empty string. + // 3. If scripting is disabled for settings, then set source to the empty string. + if (environment_settings_object.is_scripting_disabled()) + source = ""; // 4. Let script be a new classic script that this algorithm will subsequently initialize. auto script = adopt_ref(*new ClassicScript(move(base_url), move(filename), environment_settings_object)); diff --git a/Userland/Libraries/LibWeb/HTML/Scripting/Environments.cpp b/Userland/Libraries/LibWeb/HTML/Scripting/Environments.cpp index 76927cb4ff..658f635bf3 100644 --- a/Userland/Libraries/LibWeb/HTML/Scripting/Environments.cpp +++ b/Userland/Libraries/LibWeb/HTML/Scripting/Environments.cpp @@ -11,6 +11,7 @@ #include #include #include +#include namespace Web::HTML { @@ -68,7 +69,9 @@ RunScriptDecision EnvironmentSettingsObject::can_run_script() if (is(global_object()) && !verify_cast(global_object()).impl().associated_document().is_fully_active()) return RunScriptDecision::DoNotRun; - // FIXME: 2. If scripting is disabled for settings, then return "do not run". + // 2. If scripting is disabled for settings, then return "do not run". + if (is_scripting_disabled()) + return RunScriptDecision::DoNotRun; // 3. Return "run". return RunScriptDecision::Run; @@ -234,6 +237,31 @@ void EnvironmentSettingsObject::notify_about_rejected_promises(Badge) }); } +// https://html.spec.whatwg.org/multipage/webappapis.html#concept-environment-script +bool EnvironmentSettingsObject::is_scripting_enabled() const +{ + // Scripting is enabled for an environment settings object settings when all of the following conditions are true: + // The user agent supports scripting. + // NOTE: This is always true in LibWeb :^) + + // The user has not disabled scripting for settings at this time. (User agents may provide users with the option to disable scripting globally, or in a finer-grained manner, e.g., on a per-origin basis, down to the level of individual environment settings objects.) + auto document = const_cast(*this).responsible_document(); + VERIFY(document); + if (!document->window().page()->is_scripting_enabled()) + return false; + + // FIXME: Either settings's global object is not a Window object, or settings's global object's associated Document's active sandboxing flag set does not have its sandboxed scripts browsing context flag set. + + return true; +} + +// https://html.spec.whatwg.org/multipage/webappapis.html#concept-environment-noscript +bool EnvironmentSettingsObject::is_scripting_disabled() const +{ + // Scripting is disabled for an environment settings object when scripting is not enabled for it, i.e., when any of the above conditions are false. + return !is_scripting_enabled(); +} + // https://html.spec.whatwg.org/multipage/webappapis.html#incumbent-settings-object EnvironmentSettingsObject& incumbent_settings_object() { diff --git a/Userland/Libraries/LibWeb/HTML/Scripting/Environments.h b/Userland/Libraries/LibWeb/HTML/Scripting/Environments.h index 33e579120c..8ae9bbca7d 100644 --- a/Userland/Libraries/LibWeb/HTML/Scripting/Environments.h +++ b/Userland/Libraries/LibWeb/HTML/Scripting/Environments.h @@ -101,6 +101,9 @@ struct EnvironmentSettingsObject void notify_about_rejected_promises(Badge); + bool is_scripting_enabled() const; + bool is_scripting_disabled() const; + protected: explicit EnvironmentSettingsObject(JS::ExecutionContext& realm_execution_context); diff --git a/Userland/Libraries/LibWeb/Page/Page.h b/Userland/Libraries/LibWeb/Page/Page.h index 8c3cfd19d2..3bfe12b0b7 100644 --- a/Userland/Libraries/LibWeb/Page/Page.h +++ b/Userland/Libraries/LibWeb/Page/Page.h @@ -62,6 +62,9 @@ public: bool is_same_origin_policy_enabled() const { return m_same_origin_policy_enabled; } void set_same_origin_policy_enabled(bool b) { m_same_origin_policy_enabled = b; } + bool is_scripting_enabled() const { return m_is_scripting_enabled; } + void set_is_scripting_enabled(bool b) { m_is_scripting_enabled = b; } + private: PageClient& m_client; @@ -70,6 +73,8 @@ private: // FIXME: Enable this by default once CORS preflight checks are supported. bool m_same_origin_policy_enabled { false }; + + bool m_is_scripting_enabled { true }; }; class PageClient {