Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(173)

Side by Side Diff: third_party/WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp

Issue 2099853002: Don't preload scripts with invalid type/language attributes (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2008 Apple Inc. All Rights Reserved. 2 * Copyright (C) 2008 Apple Inc. All Rights Reserved.
3 * Copyright (C) 2009 Torch Mobile, Inc. http://www.torchmobile.com/ 3 * Copyright (C) 2009 Torch Mobile, Inc. http://www.torchmobile.com/
4 * Copyright (C) 2010 Google Inc. All Rights Reserved. 4 * Copyright (C) 2010 Google Inc. All Rights Reserved.
5 * 5 *
6 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
8 * are met: 8 * are met:
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 16 matching lines...) Expand all
27 27
28 #include "core/html/parser/HTMLPreloadScanner.h" 28 #include "core/html/parser/HTMLPreloadScanner.h"
29 29
30 #include "core/HTMLNames.h" 30 #include "core/HTMLNames.h"
31 #include "core/InputTypeNames.h" 31 #include "core/InputTypeNames.h"
32 #include "core/css/MediaList.h" 32 #include "core/css/MediaList.h"
33 #include "core/css/MediaQueryEvaluator.h" 33 #include "core/css/MediaQueryEvaluator.h"
34 #include "core/css/MediaValuesCached.h" 34 #include "core/css/MediaValuesCached.h"
35 #include "core/css/parser/SizesAttributeParser.h" 35 #include "core/css/parser/SizesAttributeParser.h"
36 #include "core/dom/Document.h" 36 #include "core/dom/Document.h"
37 #include "core/dom/ScriptLoader.h"
37 #include "core/fetch/IntegrityMetadata.h" 38 #include "core/fetch/IntegrityMetadata.h"
38 #include "core/frame/LocalFrame.h" 39 #include "core/frame/LocalFrame.h"
39 #include "core/frame/Settings.h" 40 #include "core/frame/Settings.h"
40 #include "core/frame/SubresourceIntegrity.h" 41 #include "core/frame/SubresourceIntegrity.h"
41 #include "core/html/CrossOriginAttribute.h" 42 #include "core/html/CrossOriginAttribute.h"
42 #include "core/html/HTMLImageElement.h" 43 #include "core/html/HTMLImageElement.h"
43 #include "core/html/HTMLMetaElement.h" 44 #include "core/html/HTMLMetaElement.h"
44 #include "core/html/LinkRelAttribute.h" 45 #include "core/html/LinkRelAttribute.h"
45 #include "core/html/parser/HTMLParserIdioms.h" 46 #include "core/html/parser/HTMLParserIdioms.h"
46 #include "core/html/parser/HTMLSrcsetParser.h" 47 #include "core/html/parser/HTMLSrcsetParser.h"
(...skipping 218 matching lines...) Expand 10 before | Expand all | Expand 10 after
265 // Note that only scripts need to have the integrity metadata set on 266 // Note that only scripts need to have the integrity metadata set on
266 // preloads. This is because script resources fetches, and only script 267 // preloads. This is because script resources fetches, and only script
267 // resource fetches, need to re-request resources if a cached version 268 // resource fetches, need to re-request resources if a cached version
268 // has different metadata (including empty) from the metadata on the 269 // has different metadata (including empty) from the metadata on the
269 // request. See the comment before the call to 270 // request. See the comment before the call to
270 // mustRefetchDueToIntegrityMismatch() in 271 // mustRefetchDueToIntegrityMismatch() in
271 // Source/core/fetch/ResourceFetcher.cpp for a more complete 272 // Source/core/fetch/ResourceFetcher.cpp for a more complete
272 // explanation. 273 // explanation.
273 else if (match(attributeName, integrityAttr)) 274 else if (match(attributeName, integrityAttr))
274 SubresourceIntegrity::parseIntegrityAttribute(attributeValue, m_inte grityMetadata); 275 SubresourceIntegrity::parseIntegrityAttribute(attributeValue, m_inte grityMetadata);
276 else if (match(attributeName, typeAttr))
277 m_typeAttributeValue = attributeValue;
278 else if (match(attributeName, languageAttr))
279 m_languageAttributeValue = attributeValue;
275 } 280 }
276 281
277 template<typename NameType> 282 template<typename NameType>
278 void processImgAttribute(const NameType& attributeName, const String& attrib uteValue) 283 void processImgAttribute(const NameType& attributeName, const String& attrib uteValue)
279 { 284 {
280 if (match(attributeName, srcAttr) && m_imgSrcUrl.isNull()) { 285 if (match(attributeName, srcAttr) && m_imgSrcUrl.isNull()) {
281 m_imgSrcUrl = attributeValue; 286 m_imgSrcUrl = attributeValue;
282 setUrlToLoad(bestFitSourceForImageAttributes(m_mediaValues->devicePi xelRatio(), m_sourceSize, attributeValue, m_srcsetImageCandidate), AllowURLRepla cement); 287 setUrlToLoad(bestFitSourceForImageAttributes(m_mediaValues->devicePi xelRatio(), m_sourceSize, attributeValue, m_srcsetImageCandidate), AllowURLRepla cement);
283 } else if (match(attributeName, crossoriginAttr)) { 288 } else if (match(attributeName, crossoriginAttr)) {
284 setCrossOrigin(attributeValue); 289 setCrossOrigin(attributeValue);
(...skipping 148 matching lines...) Expand 10 before | Expand all | Expand 10 after
433 bool shouldPreload() const 438 bool shouldPreload() const
434 { 439 {
435 if (m_urlToLoad.isEmpty()) 440 if (m_urlToLoad.isEmpty())
436 return false; 441 return false;
437 if (!m_matched) 442 if (!m_matched)
438 return false; 443 return false;
439 if (match(m_tagImpl, linkTag) && !m_linkIsStyleSheet && !m_linkIsImport && !m_linkIsPreload) 444 if (match(m_tagImpl, linkTag) && !m_linkIsStyleSheet && !m_linkIsImport && !m_linkIsPreload)
440 return false; 445 return false;
441 if (match(m_tagImpl, inputTag) && !m_inputIsImage) 446 if (match(m_tagImpl, inputTag) && !m_inputIsImage)
442 return false; 447 return false;
448 if (match(m_tagImpl, scriptTag) && !ScriptLoader::isValidScriptTypeAndLa nguage(m_typeAttributeValue, m_languageAttributeValue, ScriptLoader::AllowLegacy TypeInTypeAttribute))
449 return false;
443 return true; 450 return true;
444 } 451 }
445 452
446 void setCrossOrigin(const String& corsSetting) 453 void setCrossOrigin(const String& corsSetting)
447 { 454 {
448 m_crossOrigin = crossOriginAttributeValue(corsSetting); 455 m_crossOrigin = crossOriginAttributeValue(corsSetting);
449 } 456 }
450 457
451 void setDefer(FetchRequest::DeferOption defer) 458 void setDefer(FetchRequest::DeferOption defer)
452 { 459 {
(...skipping 11 matching lines...) Expand all
464 String m_charset; 471 String m_charset;
465 bool m_linkIsStyleSheet; 472 bool m_linkIsStyleSheet;
466 bool m_linkIsPreconnect; 473 bool m_linkIsPreconnect;
467 bool m_linkIsPreload; 474 bool m_linkIsPreload;
468 bool m_linkIsImport; 475 bool m_linkIsImport;
469 bool m_matched; 476 bool m_matched;
470 bool m_inputIsImage; 477 bool m_inputIsImage;
471 String m_imgSrcUrl; 478 String m_imgSrcUrl;
472 String m_srcsetAttributeValue; 479 String m_srcsetAttributeValue;
473 String m_asAttributeValue; 480 String m_asAttributeValue;
481 String m_typeAttributeValue;
482 String m_languageAttributeValue;
474 float m_sourceSize; 483 float m_sourceSize;
475 bool m_sourceSizeSet; 484 bool m_sourceSizeSet;
476 FetchRequest::DeferOption m_defer; 485 FetchRequest::DeferOption m_defer;
477 CrossOriginAttributeValue m_crossOrigin; 486 CrossOriginAttributeValue m_crossOrigin;
478 Member<MediaValuesCached> m_mediaValues; 487 Member<MediaValuesCached> m_mediaValues;
479 bool m_referrerPolicySet; 488 bool m_referrerPolicySet;
480 ReferrerPolicy m_referrerPolicy; 489 ReferrerPolicy m_referrerPolicy;
481 IntegrityMetadataSet m_integrityMetadata; 490 IntegrityMetadataSet m_integrityMetadata;
482 }; 491 };
483 492
(...skipping 325 matching lines...) Expand 10 before | Expand all | Expand 10 after
809 ASSERT(document); 818 ASSERT(document);
810 doHtmlPreloadScanning = !document->settings() || document->settings()->doHtm lPreloadScanning(); 819 doHtmlPreloadScanning = !document->settings() || document->settings()->doHtm lPreloadScanning();
811 doDocumentWritePreloadScanning = doHtmlPreloadScanning && document->frame() && document->frame()->isMainFrame(); 820 doDocumentWritePreloadScanning = doHtmlPreloadScanning && document->frame() && document->frame()->isMainFrame();
812 defaultViewportMinWidth = document->viewportDefaultMinWidth(); 821 defaultViewportMinWidth = document->viewportDefaultMinWidth();
813 viewportMetaZeroValuesQuirk = document->settings() && document->settings()-> viewportMetaZeroValuesQuirk(); 822 viewportMetaZeroValuesQuirk = document->settings() && document->settings()-> viewportMetaZeroValuesQuirk();
814 viewportMetaEnabled = document->settings() && document->settings()->viewport MetaEnabled(); 823 viewportMetaEnabled = document->settings() && document->settings()->viewport MetaEnabled();
815 referrerPolicy = document->getReferrerPolicy(); 824 referrerPolicy = document->getReferrerPolicy();
816 } 825 }
817 826
818 } // namespace blink 827 } // namespace blink
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698