Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(52)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/dom/ScriptLoader.cpp

Issue 1413193010: Add counters for various ways of loading scripts with bad mimetypes (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Tests which do work Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/resources/javascript-mimetype.php ('k') | third_party/WebKit/Source/core/frame/UseCounter.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2001 Dirk Mueller (mueller@kde.org) 4 * (C) 2001 Dirk Mueller (mueller@kde.org)
5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv ed. 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv ed.
6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> 6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org>
7 * 7 *
8 * This library is free software; you can redistribute it and/or 8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Library General Public 9 * modify it under the terms of the GNU Library General Public
10 * License as published by the Free Software Foundation; either 10 * License as published by the Free Software Foundation; either
(...skipping 340 matching lines...) Expand 10 before | Expand all | Expand 10 after
351 bool shouldBypassMainWorldCSP = (frame && frame->script().shouldBypassMainWo rldCSP()) 351 bool shouldBypassMainWorldCSP = (frame && frame->script().shouldBypassMainWo rldCSP())
352 || csp->allowScriptWithNonce(m_element->fastGetAttribute(HTMLNames::nonc eAttr)) 352 || csp->allowScriptWithNonce(m_element->fastGetAttribute(HTMLNames::nonc eAttr))
353 || csp->allowScriptWithHash(sourceCode.source()); 353 || csp->allowScriptWithHash(sourceCode.source());
354 354
355 if (!m_isExternalScript && (!shouldBypassMainWorldCSP && !csp->allowInlineSc ript(elementDocument->url(), m_startLineNumber, sourceCode.source()))) { 355 if (!m_isExternalScript && (!shouldBypassMainWorldCSP && !csp->allowInlineSc ript(elementDocument->url(), m_startLineNumber, sourceCode.source()))) {
356 return false; 356 return false;
357 } 357 }
358 358
359 if (m_isExternalScript) { 359 if (m_isExternalScript) {
360 ScriptResource* resource = m_resource ? m_resource.get() : sourceCode.re source(); 360 ScriptResource* resource = m_resource ? m_resource.get() : sourceCode.re source();
361 if (resource && !resource->mimeTypeAllowedByNosniff()) { 361 if (resource) {
362 contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMe ssageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->u rl().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable, and strict MIME type checking is enabled.")); 362 if (!resource->mimeTypeAllowedByNosniff()) {
363 return false; 363 contextDocument->addConsoleMessage(ConsoleMessage::create(Securi tyMessageSource, ErrorMessageLevel, "Refused to execute script from '" + resourc e->url().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable, and strict MIME type checking is enabled."));
364 } 364 return false;
365 }
365 366
366 if (resource && resource->mimeType().lower().startsWith("image/")) { 367 String mimetype = resource->mimeType();
367 contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMe ssageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->u rl().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable.")); 368 if (mimetype.lower().startsWith("image/")) {
368 UseCounter::count(frame, UseCounter::BlockedSniffingImageToScript); 369 contextDocument->addConsoleMessage(ConsoleMessage::create(Securi tyMessageSource, ErrorMessageLevel, "Refused to execute script from '" + resourc e->url().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable."));
369 return false; 370 UseCounter::count(frame, UseCounter::BlockedSniffingImageToScrip t);
371 return false;
372 }
373
374 bool text = mimetype.lower().startsWith("text/");
Nate Chapin 2015/11/10 18:02:49 Maybe pull this new logging into a helper?
Dan Ehrenberg 2015/11/24 00:55:20 Done
375 bool expectedJs = MIMETypeRegistry::isSupportedJavaScriptMIMEType(mi metype) || (text && isLegacySupportedJavaScriptLanguage(mimetype.substring(5)));
376 bool sameOrigin = m_element->document().securityOrigin()->canRequest (m_resource->url());
377 if (!expectedJs) {
378 UseCounter::Feature feature = sameOrigin ? (text ? UseCounter::S ameOriginTextScript : UseCounter::SameOriginOtherScript) : (text ? UseCounter::C rossOriginTextScript : UseCounter::CrossOriginOtherScript);
379 UseCounter::count(frame, feature);
380 }
370 } 381 }
371 } 382 }
372 383
373 // FIXME: Can this be moved earlier in the function? 384 // FIXME: Can this be moved earlier in the function?
374 // Why are we ever attempting to execute scripts without a frame? 385 // Why are we ever attempting to execute scripts without a frame?
375 if (!frame) 386 if (!frame)
376 return true; 387 return true;
377 388
378 AccessControlStatus accessControlStatus = NotSharableCrossOrigin; 389 AccessControlStatus accessControlStatus = NotSharableCrossOrigin;
379 if (!m_isExternalScript) { 390 if (!m_isExternalScript) {
(...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after
500 if (isHTMLScriptLoader(element)) 511 if (isHTMLScriptLoader(element))
501 return toHTMLScriptElement(element)->loader(); 512 return toHTMLScriptElement(element)->loader();
502 513
503 if (isSVGScriptLoader(element)) 514 if (isSVGScriptLoader(element))
504 return toSVGScriptElement(element)->loader(); 515 return toSVGScriptElement(element)->loader();
505 516
506 return 0; 517 return 0;
507 } 518 }
508 519
509 } // namespace blink 520 } // namespace blink
OLDNEW
« no previous file with comments | « third_party/WebKit/LayoutTests/http/tests/security/resources/javascript-mimetype.php ('k') | third_party/WebKit/Source/core/frame/UseCounter.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698