Add counters for various ways of loading scripts with bad mimetypes

third_party/WebKit/Source/core/dom/ScriptLoader.cpp

Index: third_party/WebKit/Source/core/dom/ScriptLoader.cpp
diff --git a/third_party/WebKit/Source/core/dom/ScriptLoader.cpp b/third_party/WebKit/Source/core/dom/ScriptLoader.cpp
index a7b90c6739fafc8dca761bb50c11c5a5d3962981..592479a1949acbfff32cf3ca12193394db8cda9e 100644
--- a/third_party/WebKit/Source/core/dom/ScriptLoader.cpp
+++ b/third_party/WebKit/Source/core/dom/ScriptLoader.cpp
@@ -358,15 +358,26 @@ bool ScriptLoader::executeScript(const ScriptSourceCode& sourceCode, double* com
 
     if (m_isExternalScript) {
         ScriptResource* resource = m_resource ? m_resource.get() : sourceCode.resource();
-        if (resource && !resource->mimeTypeAllowedByNosniff()) {
-            contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->url().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable, and strict MIME type checking is enabled."));
-            return false;
-        }
-
-        if (resource && resource->mimeType().lower().startsWith("image/")) {
-            contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->url().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable."));
-            UseCounter::count(frame, UseCounter::BlockedSniffingImageToScript);
-            return false;
+        if (resource) {
+            if (!resource->mimeTypeAllowedByNosniff()) {
+                contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->url().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable, and strict MIME type checking is enabled."));
+                return false;
+            }
+
+            String mimetype = resource->mimeType();
+            if (mimetype.lower().startsWith("image/")) {
+                contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->url().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable."));
+                UseCounter::count(frame, UseCounter::BlockedSniffingImageToScript);
+                return false;
+            }
+
+            bool text = mimetype.lower().startsWith("text/");

[Nate Chapin, 2015/11/10 18:02:49]

Maybe pull this new logging into a helper?

[Dan Ehrenberg, 2015/11/24 00:55:20]

Done

+            bool expectedJs = MIMETypeRegistry::isSupportedJavaScriptMIMEType(mimetype) || (text && isLegacySupportedJavaScriptLanguage(mimetype.substring(5)));
+            bool sameOrigin = m_element->document().securityOrigin()->canRequest(m_resource->url());
+            if (!expectedJs) {
+                UseCounter::Feature feature = sameOrigin ? (text ? UseCounter::SameOriginTextScript : UseCounter::SameOriginOtherScript) : (text ? UseCounter::CrossOriginTextScript : UseCounter::CrossOriginOtherScript);
+                UseCounter::count(frame, feature);
+            }
         }
     }