Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(123)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/core/fetch/ScriptResource.h

Issue 1713093002: Fix SRI bypass by loading same resource twice in same origin. (Closed) Base URL: https://chromium.googlesource.com/chromium/src@2623
Patch Set: Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/WebKit/Source/core/dom/PendingScript.cpp ('k') | third_party/WebKit/Source/core/fetch/ScriptResource.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de)
3 Copyright (C) 2001 Dirk Mueller <mueller@kde.org> 3 Copyright (C) 2001 Dirk Mueller <mueller@kde.org>
4 Copyright (C) 2006 Samuel Weinig (sam.weinig@gmail.com) 4 Copyright (C) 2006 Samuel Weinig (sam.weinig@gmail.com)
5 Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved. 5 Copyright (C) 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
6 6
7 This library is free software; you can redistribute it and/or 7 This library is free software; you can redistribute it and/or
8 modify it under the terms of the GNU Library General Public 8 modify it under the terms of the GNU Library General Public
9 License as published by the Free Software Foundation; either 9 License as published by the Free Software Foundation; either
10 version 2 of the License, or (at your option) any later version. 10 version 2 of the License, or (at your option) any later version.
(...skipping 15 matching lines...) Expand all
26 #ifndef ScriptResource_h 26 #ifndef ScriptResource_h
27 #define ScriptResource_h 27 #define ScriptResource_h
28 28
29 #include "core/CoreExport.h" 29 #include "core/CoreExport.h"
30 #include "core/fetch/IntegrityMetadata.h" 30 #include "core/fetch/IntegrityMetadata.h"
31 #include "core/fetch/ResourceClient.h" 31 #include "core/fetch/ResourceClient.h"
32 #include "core/fetch/TextResource.h" 32 #include "core/fetch/TextResource.h"
33 33
34 namespace blink { 34 namespace blink {
35 35
36 enum class ScriptIntegrityDisposition {
37 NotChecked = 0,
38 Failed,
39 Passed
40 };
41
36 class FetchRequest; 42 class FetchRequest;
37 class ScriptResource; 43 class ScriptResource;
38 44
39 class CORE_EXPORT ScriptResourceClient : public ResourceClient { 45 class CORE_EXPORT ScriptResourceClient : public ResourceClient {
40 public: 46 public:
41 ~ScriptResourceClient() override {} 47 ~ScriptResourceClient() override {}
42 static ResourceClientType expectedType() { return ScriptType; } 48 static ResourceClientType expectedType() { return ScriptType; }
43 ResourceClientType resourceClientType() const final { return expectedType(); } 49 ResourceClientType resourceClientType() const final { return expectedType(); }
44 50
45 virtual void notifyAppendData(ScriptResource* resource) { } 51 virtual void notifyAppendData(ScriptResource* resource) { }
(...skipping 17 matching lines...) Expand all
63 void destroyDecodedDataForFailedRevalidation() override; 69 void destroyDecodedDataForFailedRevalidation() override;
64 70
65 const String& script(); 71 const String& script();
66 72
67 AtomicString mimeType() const; 73 AtomicString mimeType() const;
68 74
69 bool mimeTypeAllowedByNosniff() const; 75 bool mimeTypeAllowedByNosniff() const;
70 76
71 void setIntegrityMetadata(const IntegrityMetadataSet& metadata) { m_integrit yMetadata = metadata; } 77 void setIntegrityMetadata(const IntegrityMetadataSet& metadata) { m_integrit yMetadata = metadata; }
72 const IntegrityMetadataSet& integrityMetadata() const { return m_integrityMe tadata; } 78 const IntegrityMetadataSet& integrityMetadata() const { return m_integrityMe tadata; }
73 void setIntegrityAlreadyChecked(bool checked) { m_integrityChecked = checked ; } 79 // The argument must never be |NotChecked|.
74 bool integrityAlreadyChecked() { return m_integrityChecked; } 80 void setIntegrityDisposition(ScriptIntegrityDisposition);
81 ScriptIntegrityDisposition integrityDisposition() { return m_integrityDispos ition; }
75 bool mustRefetchDueToIntegrityMetadata(const FetchRequest&) const override; 82 bool mustRefetchDueToIntegrityMetadata(const FetchRequest&) const override;
76 83
77 private: 84 private:
78 class ScriptResourceFactory : public ResourceFactory { 85 class ScriptResourceFactory : public ResourceFactory {
79 public: 86 public:
80 ScriptResourceFactory() 87 ScriptResourceFactory()
81 : ResourceFactory(Resource::Script) { } 88 : ResourceFactory(Resource::Script) { }
82 89
83 Resource* create(const ResourceRequest& request, const String& charset) const override 90 Resource* create(const ResourceRequest& request, const String& charset) const override
84 { 91 {
85 return new ScriptResource(request, charset); 92 return new ScriptResource(request, charset);
86 } 93 }
87 }; 94 };
88 95
89 bool m_integrityChecked; 96 ScriptIntegrityDisposition m_integrityDisposition;
90 IntegrityMetadataSet m_integrityMetadata; 97 IntegrityMetadataSet m_integrityMetadata;
91 98
92 AtomicString m_script; 99 AtomicString m_script;
93 }; 100 };
94 101
95 DEFINE_RESOURCE_TYPE_CASTS(Script); 102 DEFINE_RESOURCE_TYPE_CASTS(Script);
96 103
97 } 104 }
98 105
99 #endif 106 #endif
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/core/dom/PendingScript.cpp ('k') | third_party/WebKit/Source/core/fetch/ScriptResource.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698