Index: third_party/WebKit/Source/core/dom/ScriptLoader.cpp |
diff --git a/third_party/WebKit/Source/core/dom/ScriptLoader.cpp b/third_party/WebKit/Source/core/dom/ScriptLoader.cpp |
index a7b90c6739fafc8dca761bb50c11c5a5d3962981..592479a1949acbfff32cf3ca12193394db8cda9e 100644 |
--- a/third_party/WebKit/Source/core/dom/ScriptLoader.cpp |
+++ b/third_party/WebKit/Source/core/dom/ScriptLoader.cpp |
@@ -358,15 +358,26 @@ bool ScriptLoader::executeScript(const ScriptSourceCode& sourceCode, double* com |
if (m_isExternalScript) { |
ScriptResource* resource = m_resource ? m_resource.get() : sourceCode.resource(); |
- if (resource && !resource->mimeTypeAllowedByNosniff()) { |
- contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->url().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable, and strict MIME type checking is enabled.")); |
- return false; |
- } |
- |
- if (resource && resource->mimeType().lower().startsWith("image/")) { |
- contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->url().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable.")); |
- UseCounter::count(frame, UseCounter::BlockedSniffingImageToScript); |
- return false; |
+ if (resource) { |
+ if (!resource->mimeTypeAllowedByNosniff()) { |
+ contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->url().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable, and strict MIME type checking is enabled.")); |
+ return false; |
+ } |
+ |
+ String mimetype = resource->mimeType(); |
+ if (mimetype.lower().startsWith("image/")) { |
+ contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->url().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable.")); |
+ UseCounter::count(frame, UseCounter::BlockedSniffingImageToScript); |
+ return false; |
+ } |
+ |
+ bool text = mimetype.lower().startsWith("text/"); |
Nate Chapin
2015/11/10 18:02:49
Maybe pull this new logging into a helper?
Dan Ehrenberg
2015/11/24 00:55:20
Done
|
+ bool expectedJs = MIMETypeRegistry::isSupportedJavaScriptMIMEType(mimetype) || (text && isLegacySupportedJavaScriptLanguage(mimetype.substring(5))); |
+ bool sameOrigin = m_element->document().securityOrigin()->canRequest(m_resource->url()); |
+ if (!expectedJs) { |
+ UseCounter::Feature feature = sameOrigin ? (text ? UseCounter::SameOriginTextScript : UseCounter::SameOriginOtherScript) : (text ? UseCounter::CrossOriginTextScript : UseCounter::CrossOriginOtherScript); |
+ UseCounter::count(frame, feature); |
+ } |
} |
} |