Don't preload scripts with invalid type/language attributes

third_party/WebKit/Source/core/dom/ScriptLoader.cpp

 /*
  * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
  *           (C) 1999 Antti Koivisto (koivisto@kde.org)
  *           (C) 2001 Dirk Mueller (mueller@kde.org)
  * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserved.
  * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org>
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Library General Public
  * License as published by the Free Software Foundation; either
@@ skipping 145 matching lines @@
     m_element->dispatchEvent(Event::create(EventTypeNames::error));
 }
 
 void ScriptLoader::dispatchLoadEvent()
 {
     if (ScriptLoaderClient* client = this->client())
         client->dispatchLoadEvent();
     setHaveFiredLoadEvent(true);
 }
 
-bool ScriptLoader::isScriptTypeSupported(LegacyTypeSupport supportLegacyTypes) const
+// static

[Yoav Weiss, 2016/06/25 08:08:16]

delete?

[Charlie Harrison, 2016/06/27 19:44:10]

Done.

+bool ScriptLoader::isValidScriptTypeAndLanguage(const String& type, const String& language, LegacyTypeSupport supportLegacyTypes)
 {
     // FIXME: isLegacySupportedJavaScriptLanguage() is not valid HTML5. It is used here to maintain backwards compatibility with existing layout tests. The specific violations are:
     // - Allowing type=javascript. type= should only support MIME types, such as text/javascript.
     // - Allowing a different set of languages for language= and type=. language= supports Javascript 1.1 and 1.4-1.6, but type= does not.
 
-    String type = client()->typeAttributeValue();
-    String language = client()->languageAttributeValue();
     if (type.isEmpty() && language.isEmpty())

[Yoav Weiss, 2016/06/25 08:08:16]

nit: we can move the language.isEmpty() check to the block below and save us a
condition check in some cases.

[Charlie Harrison, 2016/06/27 19:44:10]

Done.

         return true; // Assume text/javascript.
     if (type.isEmpty()) {
-        type = "text/" + language.lower();
-        if (MIMETypeRegistry::isSupportedJavaScriptMIMEType(type) || isLegacySupportedJavaScriptLanguage(language))
+        if (MIMETypeRegistry::isSupportedJavaScriptMIMEType(type + language.lower()) || isLegacySupportedJavaScriptLanguage(language))

[Yoav Weiss, 2016/06/25 08:08:16]

why "type + " here if type is empty? Did you mean it to be "text/"?

[Charlie Harrison, 2016/06/27 19:44:10]

Oops. Fixed.

             return true;
     } else if (RuntimeEnabledFeatures::moduleScriptsEnabled() && type == "module") {
         return true;
     } else if (MIMETypeRegistry::isSupportedJavaScriptMIMEType(type.stripWhiteSpace()) || (supportLegacyTypes == AllowLegacyTypeInTypeAttribute && isLegacySupportedJavaScriptLanguage(type))) {
         return true;
     }
 
     return false;
 }
 
+bool ScriptLoader::isScriptTypeSupported(LegacyTypeSupport supportLegacyTypes) const
+{
+    return isValidScriptTypeAndLanguage(client()->typeAttributeValue(), client()->languageAttributeValue(), supportLegacyTypes);
+}
+
 // http://dev.w3.org/html5/spec/Overview.html#prepare-a-script
 bool ScriptLoader::prepareScript(const TextPosition& scriptStartPosition, LegacyTypeSupport supportLegacyTypes)
 {
     if (m_alreadyStarted)
         return false;
 
     ScriptLoaderClient* client = this->client();
 
     bool wasParserInserted;
     if (m_parserInserted) {
@@ skipping 321 matching lines @@
     if (isHTMLScriptLoader(element))
         return toHTMLScriptElement(element)->loader();
 
     if (isSVGScriptLoader(element))
         return toSVGScriptElement(element)->loader();
 
     return 0;
 }
 
 } // namespace blink