Fix SRI bypass by loading same resource twice in same origin.

third_party/WebKit/Source/core/dom/PendingScript.cpp

Index: third_party/WebKit/Source/core/dom/PendingScript.cpp
diff --git a/third_party/WebKit/Source/core/dom/PendingScript.cpp b/third_party/WebKit/Source/core/dom/PendingScript.cpp
index ba3e8a5bbcfd28a4ae5cca10beb104b6a014111c..92538410c81cf2512332e0bf16793469c8ba6875 100644
--- a/third_party/WebKit/Source/core/dom/PendingScript.cpp
+++ b/third_party/WebKit/Source/core/dom/PendingScript.cpp
@@ -164,9 +164,15 @@ void PendingScript::notifyFinished(Resource* resource)
         // integrity attribute isn't empty in addition to checking if the
         // resource has empty integrity metadata.
         if (!integrityAttr.isEmpty() && !scriptResource->integrityMetadata().isEmpty()) {
-            if (!scriptResource->integrityAlreadyChecked() && resource->resourceBuffer()) {
-                scriptResource->setIntegrityAlreadyChecked(true);
+            ScriptIntegrityDisposition disposition = scriptResource->integrityDisposition();
+            if (disposition == ScriptIntegrityDisposition::Failed) {
+                // TODO(jww): This should probably also generate a console
+                // message identical to the one produced by
+                // CheckSubresourceIntegrity below. See https://crbug.com/585267.
+                m_integrityFailure = true;
+            } else if (disposition == ScriptIntegrityDisposition::NotChecked && resource->resourceBuffer()) {
                 m_integrityFailure = !SubresourceIntegrity::CheckSubresourceIntegrity(scriptResource->integrityMetadata(), *m_element, resource->resourceBuffer()->data(), resource->resourceBuffer()->size(), resource->url(), *resource);
+                scriptResource->setIntegrityDisposition(m_integrityFailure ? ScriptIntegrityDisposition::Failed : ScriptIntegrityDisposition::Passed);
             }
         }
     }