Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(757)

Unified Diff: Source/core/dom/ScriptLoader.cpp

Issue 1010433007: Fire error event when script integrity check fails. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Updated comment Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Source/core/dom/ScriptLoader.h ('k') | Source/core/html/parser/HTMLScriptRunner.cpp » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/core/dom/ScriptLoader.cpp
diff --git a/Source/core/dom/ScriptLoader.cpp b/Source/core/dom/ScriptLoader.cpp
index e5f117d0674de95638fcd0353c74521e05d32d9b..46c1d17c972c4cfdc070eac692cd9188a2f49f1b 100644
--- a/Source/core/dom/ScriptLoader.cpp
+++ b/Source/core/dom/ScriptLoader.cpp
@@ -266,7 +266,8 @@ bool ScriptLoader::prepareScript(const TextPosition& scriptStartPosition, Legacy
// Reset line numbering for nested writes.
TextPosition position = elementDocument.isInDocumentWrite() ? TextPosition() : scriptStartPosition;
KURL scriptURL = (!elementDocument.isInDocumentWrite() && m_parserInserted) ? elementDocument.url() : KURL();
- executeScript(ScriptSourceCode(scriptContent(), scriptURL, position));
+ if (!executeScript(ScriptSourceCode(scriptContent(), scriptURL, position)))
+ return false;
}
return true;
@@ -317,17 +318,17 @@ bool isSVGScriptLoader(Element* element)
return isSVGScriptElement(*element);
}
-void ScriptLoader::executeScript(const ScriptSourceCode& sourceCode, double* compilationFinishTime)
+bool ScriptLoader::executeScript(const ScriptSourceCode& sourceCode, double* compilationFinishTime)
{
ASSERT(m_alreadyStarted);
if (sourceCode.isEmpty())
- return;
+ return true;
RefPtrWillBeRawPtr<Document> elementDocument(m_element->document());
RefPtrWillBeRawPtr<Document> contextDocument = elementDocument->contextDocument().get();
if (!contextDocument)
- return;
+ return true;
LocalFrame* frame = contextDocument->frame();
@@ -337,26 +338,26 @@ void ScriptLoader::executeScript(const ScriptSourceCode& sourceCode, double* com
|| csp->allowScriptWithHash(sourceCode.source());
if (!m_isExternalScript && (!shouldBypassMainWorldCSP && !csp->allowInlineScript(elementDocument->url(), m_startLineNumber, sourceCode.source())))
- return;
+ return true;
if (m_isExternalScript) {
ScriptResource* resource = m_resource ? m_resource.get() : sourceCode.resource();
if (resource && !resource->mimeTypeAllowedByNosniff()) {
contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->url().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable, and strict MIME type checking is enabled."));
- return;
+ return true;
}
if (resource && resource->mimeType().lower().startsWith("image/")) {
contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->url().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable."));
UseCounter::count(frame, UseCounter::BlockedSniffingImageToScript);
- return;
+ return true;
}
}
// FIXME: Can this be moved earlier in the function?
// Why are we ever attempting to execute scripts without a frame?
if (!frame)
- return;
+ return true;
AccessControlStatus corsCheck = NotSharableCrossOrigin;
if (!m_isExternalScript || (sourceCode.resource() && sourceCode.resource()->passesAccessControlCheck(&m_element->document(), m_element->document().securityOrigin())))
@@ -365,7 +366,7 @@ void ScriptLoader::executeScript(const ScriptSourceCode& sourceCode, double* com
if (m_isExternalScript) {
const KURL resourceUrl = sourceCode.resource()->resourceRequest().url();
if (!SubresourceIntegrity::CheckSubresourceIntegrity(*m_element, sourceCode.source(), sourceCode.resource()->url(), sourceCode.resource()->mimeType(), *sourceCode.resource())) {
- return;
+ return false;
}
}
@@ -386,6 +387,8 @@ void ScriptLoader::executeScript(const ScriptSourceCode& sourceCode, double* com
ASSERT(contextDocument->currentScript() == m_element);
contextDocument->popCurrentScript();
}
+
+ return true;
}
void ScriptLoader::execute()
@@ -399,8 +402,10 @@ void ScriptLoader::execute()
if (errorOccurred) {
dispatchErrorEvent();
} else if (!m_resource->wasCanceled()) {
- executeScript(source);
- dispatchLoadEvent();
+ if (executeScript(source))
+ dispatchLoadEvent();
+ else
+ dispatchErrorEvent();
}
m_resource = 0;
}
« no previous file with comments | « Source/core/dom/ScriptLoader.h ('k') | Source/core/html/parser/HTMLScriptRunner.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698