Dev tools warning and console warning for document.write script blocking

third_party/WebKit/Source/core/loader/FrameFetchContext.cpp

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 62 matching lines @@
 #include "public/platform/WebDocumentSubresourceFilter.h"
 #include "public/platform/WebFrameScheduler.h"
 #include "public/platform/WebInsecureRequestPolicy.h"
 
 #include <algorithm>
 
 namespace blink {
 
 namespace {
 
-bool shouldDisallowFetchForMainFrameScript(const ResourceRequest& request, FetchRequest::DeferOption defer, const Document& document)
+void emitWarningForDocWriteScripts(const String& url, Document& document)
+{
+    String message = "A Parser-blocking, cross-origin script, " + url + ", is invoked via document.write. This may be blocked by the browser if the device has poor network connectivity.";
+    document.addConsoleMessage(ConsoleMessage::create(JSMessageSource, WarningMessageLevel, message));
+    WTFLogAlways("%s", message.utf8().data());
+}
+
+bool shouldDisallowFetchForMainFrameScript(const ResourceRequest& request, FetchRequest::DeferOption defer, Document& document)
 {
     // Only scripts inserted via document.write are candidates for having their
     // fetch disallowed.
     if (!document.isInDocumentWrite())
         return false;
 
     if (!document.settings())
         return false;
 
     if (!document.frame())
         return false;
 
     // Only block synchronously loaded (parser blocking) scripts.
     if (defer != FetchRequest::NoDefer)
         return false;
 
     if (!request.url().protocolIsInHTTPFamily())
         return false;
 
     // Avoid blocking same origin scripts, as they may be used to render main
     // page content, whereas cross-origin scripts inserted via document.write
     // are likely to be third party content.
     if (request.url().host() == document.getSecurityOrigin()->domain())
         return false;
 
+    emitWarningForDocWriteScripts(request.url().getString(), document);
+
     // Do not block scripts if it is a page reload. This is to enable pages to
     // recover if blocking of a script is leading to a page break and the user
     // reloads the page.
     const FrameLoadType loadType = document.frame()->loader().loadType();
     const bool isReload = loadType == FrameLoadTypeReload || loadType == FrameLoadTypeReloadBypassingCache || loadType == FrameLoadTypeReloadMainResource;
     if (isReload) {
         // Recording this metric since an increase in number of reloads for pages
         // where a script was blocked could be indicative of a page break.
         document.loader()->didObserveLoadingBehavior(WebLoadingBehaviorFlag::WebLoadingBehaviorDocumentWriteBlockReload);
         return false;
@@ skipping 654 matching lines @@
 }
 
 DEFINE_TRACE(FrameFetchContext)
 {
     visitor->trace(m_document);
     visitor->trace(m_documentLoader);
     FetchContext::trace(visitor);
 }
 
 } // namespace blink