<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[198541] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/198541">198541</a></dd>
<dt>Author</dt> <dd>dbates@webkit.org</dd>
<dt>Date</dt> <dd>2016-03-22 12:08:43 -0700 (Tue, 22 Mar 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>CSP: Check inline event handlers on each run, not only the first
https://bugs.webkit.org/show_bug.cgi?id=115700
<rdar://problem/24211159>
Reviewed by Andy Estes.
Source/WebCore:
Fixes an issue where an inline event handler would always be allowed to execute if it
executed at least once.
Currently we query whether the Content Security Policy (CSP) of the page permits inline event
handlers each time we register a new handler for an event. And a handler is registered exactly
once the first time the event associated with it is dispatched. Once a handler is registered
as a listener for an event E then we will always invoke the handler when event E is dispatched
regardless of whether the CSP of the page changes (say, as a result of programmatically inserting
a <meta http-equiv="Content-Security-Policy">). Instead we should always check the
CSP of the page whenever we are going to invoke an event handler.
* bindings/js/JSEventListener.cpp:
(WebCore::JSEventListener::handleEvent): Check the CSP of the page and bail out if the
policy does not permit execution of an inline event handler.
* bindings/js/JSEventListener.h:
(WebCore::JSEventListener::sourceURL): Added. Default implementation that returns an empty string.
(WebCore::JSEventListener::sourcePosition): Added. Default implementation that returns a default position.
* bindings/js/JSLazyEventListener.cpp:
(WebCore::JSLazyEventListener::JSLazyEventListener): Update code following instance variable
renaming in JSLazyEventListener.h.
(WebCore::JSLazyEventListener::initializeJSFunction): Ditto.
* bindings/js/JSLazyEventListener.h: Override JSEventListener::sourceURL() and JSEventListener::sourcePosition().
Changed all mutable instance variables to immutable ones as we do not modify these variables
in any const member functions. Also renamed instance variable m_position to m_sourcePosition
to better describe that it represents the source code position where the event handler was defined.
LayoutTests:
Update expected result for test http/tests/security/contentSecurityPolicy/inline-event-handler-blocked-after-injecting-meta.html
and remove its entry from file LayoutTests/TestExpectations now that it passes.
* TestExpectations:
* http/tests/security/contentSecurityPolicy/inline-event-handler-blocked-after-injecting-meta-expected.txt:</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsTestExpectations">trunk/LayoutTests/TestExpectations</a></li>
<li><a href="#trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlineeventhandlerblockedafterinjectingmetaexpectedtxt">trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-event-handler-blocked-after-injecting-meta-expected.txt</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSEventListenercpp">trunk/Source/WebCore/bindings/js/JSEventListener.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSEventListenerh">trunk/Source/WebCore/bindings/js/JSEventListener.h</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSLazyEventListenercpp">trunk/Source/WebCore/bindings/js/JSLazyEventListener.cpp</a></li>
<li><a href="#trunkSourceWebCorebindingsjsJSLazyEventListenerh">trunk/Source/WebCore/bindings/js/JSLazyEventListener.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (198540 => 198541)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2016-03-22 18:28:53 UTC (rev 198540)
+++ trunk/LayoutTests/ChangeLog 2016-03-22 19:08:43 UTC (rev 198541)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2016-03-22 Daniel Bates <dabates@apple.com>
+
+ CSP: Check inline event handlers on each run, not only the first
+ https://bugs.webkit.org/show_bug.cgi?id=115700
+ <rdar://problem/24211159>
+
+ Reviewed by Andy Estes.
+
+ Update expected result for test http/tests/security/contentSecurityPolicy/inline-event-handler-blocked-after-injecting-meta.html
+ and remove its entry from file LayoutTests/TestExpectations now that it passes.
+
+ * TestExpectations:
+ * http/tests/security/contentSecurityPolicy/inline-event-handler-blocked-after-injecting-meta-expected.txt:
+
</ins><span class="cx"> 2016-03-22 Ryan Haddad <ryanhaddad@apple.com>
</span><span class="cx">
</span><span class="cx"> Skipping media/media-document-audio-repaint.html on El Capitan Debug WK2
</span></span></pre></div>
<a id="trunkLayoutTestsTestExpectations"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/TestExpectations (198540 => 198541)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/TestExpectations 2016-03-22 18:28:53 UTC (rev 198540)
+++ trunk/LayoutTests/TestExpectations 2016-03-22 19:08:43 UTC (rev 198541)
</span><span class="lines">@@ -861,7 +861,6 @@
</span><span class="cx"> http/tests/security/contentSecurityPolicy/1.1/plugintypes-url-02.html [ Pass ]
</span><span class="cx"> webkit.org/b/154203 http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-overrides-xfo.html
</span><span class="cx"> webkit.org/b/111869 http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report.html
</span><del>-webkit.org/b/115700 http/tests/security/contentSecurityPolicy/inline-event-handler-blocked-after-injecting-meta.html [ Failure ]
</del><span class="cx"> webkit.org/b/153148 http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report.html
</span><span class="cx"> webkit.org/b/153150 http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load.html
</span><span class="cx"> webkit.org/b/153150 http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-blocked.html
</span></span></pre></div>
<a id="trunkLayoutTestshttptestssecuritycontentSecurityPolicyinlineeventhandlerblockedafterinjectingmetaexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-event-handler-blocked-after-injecting-meta-expected.txt (198540 => 198541)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-event-handler-blocked-after-injecting-meta-expected.txt 2016-03-22 18:28:53 UTC (rev 198540)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/inline-event-handler-blocked-after-injecting-meta-expected.txt 2016-03-22 19:08:43 UTC (rev 198541)
</span><span class="lines">@@ -2,6 +2,6 @@
</span><span class="cx"> CONSOLE MESSAGE: line 21: PASS: Event handler triggered pre-policy.
</span><span class="cx"> CONSOLE MESSAGE: line 14: Injecting Content-Security-Policy.
</span><span class="cx"> CONSOLE MESSAGE: line 19: Clicking a link, post-policy:
</span><del>-CONSOLE MESSAGE: line 21: Refused to execute inline event handler because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
</del><ins>+CONSOLE MESSAGE: line 21: Refused to execute inline event handler because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
</ins><span class="cx">
</span><span class="cx"> This test checks that CSP is evaluated on each call to an inline event handler, even if it's been executed pre-policy. It passes if one 'PASS' and no 'FAIL' messages appear.
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (198540 => 198541)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2016-03-22 18:28:53 UTC (rev 198540)
+++ trunk/Source/WebCore/ChangeLog 2016-03-22 19:08:43 UTC (rev 198541)
</span><span class="lines">@@ -1,3 +1,37 @@
</span><ins>+2016-03-22 Daniel Bates <dabates@apple.com>
+
+ CSP: Check inline event handlers on each run, not only the first
+ https://bugs.webkit.org/show_bug.cgi?id=115700
+ <rdar://problem/24211159>
+
+ Reviewed by Andy Estes.
+
+ Fixes an issue where an inline event handler would always be allowed to execute if it
+ executed at least once.
+
+ Currently we query whether the Content Security Policy (CSP) of the page permits inline event
+ handlers each time we register a new handler for an event. And a handler is registered exactly
+ once the first time the event associated with it is dispatched. Once a handler is registered
+ as a listener for an event E then we will always invoke the handler when event E is dispatched
+ regardless of whether the CSP of the page changes (say, as a result of programmatically inserting
+ a <meta http-equiv="Content-Security-Policy">). Instead we should always check the
+ CSP of the page whenever we are going to invoke an event handler.
+
+ * bindings/js/JSEventListener.cpp:
+ (WebCore::JSEventListener::handleEvent): Check the CSP of the page and bail out if the
+ policy does not permit execution of an inline event handler.
+ * bindings/js/JSEventListener.h:
+ (WebCore::JSEventListener::sourceURL): Added. Default implementation that returns an empty string.
+ (WebCore::JSEventListener::sourcePosition): Added. Default implementation that returns a default position.
+ * bindings/js/JSLazyEventListener.cpp:
+ (WebCore::JSLazyEventListener::JSLazyEventListener): Update code following instance variable
+ renaming in JSLazyEventListener.h.
+ (WebCore::JSLazyEventListener::initializeJSFunction): Ditto.
+ * bindings/js/JSLazyEventListener.h: Override JSEventListener::sourceURL() and JSEventListener::sourcePosition().
+ Changed all mutable instance variables to immutable ones as we do not modify these variables
+ in any const member functions. Also renamed instance variable m_position to m_sourcePosition
+ to better describe that it represents the source code position where the event handler was defined.
+
</ins><span class="cx"> 2016-03-22 Jer Noble <jer.noble@apple.com>
</span><span class="cx">
</span><span class="cx"> Media elements allowed to play without a user gesture, but requiring fullscreen playback, should not be allowed to autoplay.
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSEventListenercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSEventListener.cpp (198540 => 198541)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSEventListener.cpp 2016-03-22 18:28:53 UTC (rev 198540)
+++ trunk/Source/WebCore/bindings/js/JSEventListener.cpp 2016-03-22 19:08:43 UTC (rev 198541)
</span><span class="lines">@@ -21,6 +21,7 @@
</span><span class="cx"> #include "JSEventListener.h"
</span><span class="cx">
</span><span class="cx"> #include "BeforeUnloadEvent.h"
</span><ins>+#include "ContentSecurityPolicy.h"
</ins><span class="cx"> #include "Event.h"
</span><span class="cx"> #include "Frame.h"
</span><span class="cx"> #include "HTMLElement.h"
</span><span class="lines">@@ -93,6 +94,8 @@
</span><span class="cx"> JSDOMWindow* window = jsCast<JSDOMWindow*>(globalObject);
</span><span class="cx"> if (!window->wrapped().isCurrentlyDisplayedInFrame())
</span><span class="cx"> return;
</span><ins>+ if (wasCreatedFromMarkup() && !scriptExecutionContext->contentSecurityPolicy()->allowInlineEventHandlers(sourceURL(), sourcePosition().m_line))
+ return;
</ins><span class="cx"> // FIXME: Is this check needed for other contexts?
</span><span class="cx"> ScriptController& script = window->wrapped().frame()->script();
</span><span class="cx"> if (!script.canExecuteScripts(AboutToExecuteScript) || script.isPaused())
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSEventListenerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSEventListener.h (198540 => 198541)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSEventListener.h 2016-03-22 18:28:53 UTC (rev 198540)
+++ trunk/Source/WebCore/bindings/js/JSEventListener.h 2016-03-22 19:08:43 UTC (rev 198541)
</span><span class="lines">@@ -26,6 +26,8 @@
</span><span class="cx"> #include <heap/Weak.h>
</span><span class="cx"> #include <heap/WeakInlines.h>
</span><span class="cx"> #include <wtf/Ref.h>
</span><ins>+#include <wtf/text/TextPosition.h>
+#include <wtf/text/WTFString.h>
</ins><span class="cx">
</span><span class="cx"> namespace WebCore {
</span><span class="cx">
</span><span class="lines">@@ -61,6 +63,9 @@
</span><span class="cx"> JSC::JSObject* wrapper() const { return m_wrapper.get(); }
</span><span class="cx"> void setWrapper(JSC::VM&, JSC::JSObject* wrapper) const { m_wrapper = JSC::Weak<JSC::JSObject>(wrapper); }
</span><span class="cx">
</span><ins>+ virtual String sourceURL() const { return String(); }
+ virtual TextPosition sourcePosition() const { return TextPosition::minimumPosition(); }
+
</ins><span class="cx"> private:
</span><span class="cx"> virtual JSC::JSObject* initializeJSFunction(ScriptExecutionContext*) const;
</span><span class="cx"> void visitJSFunction(JSC::SlotVisitor&) override;
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSLazyEventListenercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSLazyEventListener.cpp (198540 => 198541)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSLazyEventListener.cpp 2016-03-22 18:28:53 UTC (rev 198540)
+++ trunk/Source/WebCore/bindings/js/JSLazyEventListener.cpp 2016-03-22 19:08:43 UTC (rev 198541)
</span><span class="lines">@@ -1,6 +1,6 @@
</span><span class="cx"> /*
</span><span class="cx"> * Copyright (C) 2001 Peter Kelly (pmk@post.com)
</span><del>- * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2013 Apple Inc. All Rights Reserved.
</del><ins>+ * Copyright (C) 2003-2016 Apple Inc. All Rights Reserved.
</ins><span class="cx"> *
</span><span class="cx"> * This library is free software; you can redistribute it and/or
</span><span class="cx"> * modify it under the terms of the GNU Lesser General Public
</span><span class="lines">@@ -37,13 +37,13 @@
</span><span class="cx">
</span><span class="cx"> DEFINE_DEBUG_ONLY_GLOBAL(WTF::RefCountedLeakCounter, eventListenerCounter, ("JSLazyEventListener"));
</span><span class="cx">
</span><del>-JSLazyEventListener::JSLazyEventListener(const String& functionName, const String& eventParameterName, const String& code, ContainerNode* node, const String& sourceURL, const TextPosition& position, JSObject* wrapper, DOMWrapperWorld& isolatedWorld)
</del><ins>+JSLazyEventListener::JSLazyEventListener(const String& functionName, const String& eventParameterName, const String& code, ContainerNode* node, const String& sourceURL, const TextPosition& sourcePosition, JSObject* wrapper, DOMWrapperWorld& isolatedWorld)
</ins><span class="cx"> : JSEventListener(0, wrapper, true, isolatedWorld)
</span><span class="cx"> , m_functionName(functionName)
</span><span class="cx"> , m_eventParameterName(eventParameterName)
</span><span class="cx"> , m_code(code)
</span><span class="cx"> , m_sourceURL(sourceURL)
</span><del>- , m_position(position)
</del><ins>+ , m_sourcePosition(sourcePosition)
</ins><span class="cx"> , m_originalNode(node)
</span><span class="cx"> {
</span><span class="cx"> // We don't retain the original node because we assume it
</span><span class="lines">@@ -54,8 +54,8 @@
</span><span class="cx">
</span><span class="cx"> // A JSLazyEventListener can be created with a line number of zero when it is created with
</span><span class="cx"> // a setAttribute call from JavaScript, so make the line number 1 in that case.
</span><del>- if (m_position == TextPosition::belowRangePosition())
- m_position = TextPosition::minimumPosition();
</del><ins>+ if (m_sourcePosition == TextPosition::belowRangePosition())
+ m_sourcePosition = TextPosition::minimumPosition();
</ins><span class="cx">
</span><span class="cx"> ASSERT(m_eventParameterName == "evt" || m_eventParameterName == "event");
</span><span class="cx">
</span><span class="lines">@@ -87,7 +87,7 @@
</span><span class="cx"> if (!document.frame())
</span><span class="cx"> return nullptr;
</span><span class="cx">
</span><del>- if (!document.contentSecurityPolicy()->allowInlineEventHandlers(m_sourceURL, m_position.m_line))
</del><ins>+ if (!document.contentSecurityPolicy()->allowInlineEventHandlers(m_sourceURL, m_sourcePosition.m_line))
</ins><span class="cx"> return nullptr;
</span><span class="cx">
</span><span class="cx"> ScriptController& script = document.frame()->script();
</span><span class="lines">@@ -106,11 +106,11 @@
</span><span class="cx">
</span><span class="cx"> // We want all errors to refer back to the line on which our attribute was
</span><span class="cx"> // declared, regardless of any newlines in our JavaScript source text.
</span><del>- int overrideLineNumber = m_position.m_line.oneBasedInt();
</del><ins>+ int overrideLineNumber = m_sourcePosition.m_line.oneBasedInt();
</ins><span class="cx">
</span><span class="cx"> JSObject* jsFunction = constructFunctionSkippingEvalEnabledCheck(
</span><span class="cx"> exec, exec->lexicalGlobalObject(), args, Identifier::fromString(exec, m_functionName),
</span><del>- m_sourceURL, m_position, overrideLineNumber);
</del><ins>+ m_sourceURL, m_sourcePosition, overrideLineNumber);
</ins><span class="cx">
</span><span class="cx"> if (exec->hadException()) {
</span><span class="cx"> reportCurrentException(exec);
</span></span></pre></div>
<a id="trunkSourceWebCorebindingsjsJSLazyEventListenerh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/bindings/js/JSLazyEventListener.h (198540 => 198541)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/bindings/js/JSLazyEventListener.h 2016-03-22 18:28:53 UTC (rev 198540)
+++ trunk/Source/WebCore/bindings/js/JSLazyEventListener.h 2016-03-22 19:08:43 UTC (rev 198541)
</span><span class="lines">@@ -1,6 +1,6 @@
</span><span class="cx"> /*
</span><span class="cx"> * Copyright (C) 2001 Peter Kelly (pmk@post.com)
</span><del>- * Copyright (C) 2003, 2008, 2009, 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2003-2016 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * This library is free software; you can redistribute it and/or
</span><span class="cx"> * modify it under the terms of the GNU Lesser General Public
</span><span class="lines">@@ -21,8 +21,6 @@
</span><span class="cx"> #define JSLazyEventListener_h
</span><span class="cx">
</span><span class="cx"> #include "JSEventListener.h"
</span><del>-#include <wtf/text/TextPosition.h>
-#include <wtf/text/WTFString.h>
</del><span class="cx">
</span><span class="cx"> namespace WebCore {
</span><span class="cx">
</span><span class="lines">@@ -40,6 +38,9 @@
</span><span class="cx">
</span><span class="cx"> virtual ~JSLazyEventListener();
</span><span class="cx">
</span><ins>+ String sourceURL() const final { return m_sourceURL; }
+ TextPosition sourcePosition() const final { return m_sourcePosition; }
+
</ins><span class="cx"> private:
</span><span class="cx"> struct CreationArguments;
</span><span class="cx"> static RefPtr<JSLazyEventListener> create(const CreationArguments&);
</span><span class="lines">@@ -49,11 +50,11 @@
</span><span class="cx"> JSC::JSObject* initializeJSFunction(ScriptExecutionContext*) const override;
</span><span class="cx"> bool wasCreatedFromMarkup() const override { return true; }
</span><span class="cx">
</span><del>- mutable String m_functionName;
- mutable String m_eventParameterName;
- mutable String m_code;
- mutable String m_sourceURL;
- TextPosition m_position;
</del><ins>+ String m_functionName;
+ String m_eventParameterName;
+ String m_code;
+ String m_sourceURL;
+ TextPosition m_sourcePosition;
</ins><span class="cx"> ContainerNode* m_originalNode;
</span><span class="cx"> };
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>