Chromium Code Reviews Chromium Code Reviews
Issue 2099853002:
Don't preload scripts with invalid type/language attributes (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
| 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
| 4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
| 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv ed. | 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv ed. |
| 6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> | 6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> |
| 7 * | 7 * |
| 8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
| 9 * modify it under the terms of the GNU Library General Public | 9 * modify it under the terms of the GNU Library General Public |
| 10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
| (...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 124 // Helper function | 124 // Helper function |
| 125 static bool isLegacySupportedJavaScriptLanguage(const String& language) | 125 static bool isLegacySupportedJavaScriptLanguage(const String& language) |
| 126 { | 126 { |
| 127 // Mozilla 1.8 accepts javascript1.0 - javascript1.7, but WinIE 7 accepts on ly javascript1.1 - javascript1.3. | 127 // Mozilla 1.8 accepts javascript1.0 - javascript1.7, but WinIE 7 accepts on ly javascript1.1 - javascript1.3. |
| 128 // Mozilla 1.8 and WinIE 7 both accept javascript and livescript. | 128 // Mozilla 1.8 and WinIE 7 both accept javascript and livescript. |
| 129 // WinIE 7 accepts ecmascript and jscript, but Mozilla 1.8 doesn't. | 129 // WinIE 7 accepts ecmascript and jscript, but Mozilla 1.8 doesn't. |
| 130 // Neither Mozilla 1.8 nor WinIE 7 accept leading or trailing whitespace. | 130 // Neither Mozilla 1.8 nor WinIE 7 accept leading or trailing whitespace. |
| 131 // We want to accept all the values that either of these browsers accept, bu t not other values. | 131 // We want to accept all the values that either of these browsers accept, bu t not other values. |
| 132 | 132 |
| 133 // FIXME: This function is not HTML5 compliant. These belong in the MIME reg istry as "text/javascript<version>" entries. | 133 // FIXME: This function is not HTML5 compliant. These belong in the MIME reg istry as "text/javascript<version>" entries. |
| 134 typedef HashSet<String, CaseFoldingHash> LanguageSet; | 134 return equalIgnoringCase(language, "javascript") |
| 135 DEFINE_STATIC_LOCAL(LanguageSet, languages, ()); | 135 || equalIgnoringCase(language, "javascript1.0") |
| 136 if (languages.isEmpty()) { | 136 || equalIgnoringCase(language, "javascript1.1") |
| 137 languages.add("javascript"); | 137 || equalIgnoringCase(language, "javascript1.2") |
| 138 languages.add("javascript1.0"); | 138 || equalIgnoringCase(language, "javascript1.3") |
| 139 languages.add("javascript1.1"); | 139 || equalIgnoringCase(language, "javascript1.4") |
| 140 languages.add("javascript1.2"); | 140 || equalIgnoringCase(language, "javascript1.5") |
| 141 languages.add("javascript1.3"); | 141 || equalIgnoringCase(language, "javascript1.6") |
| 142 languages.add("javascript1.4"); | 142 || equalIgnoringCase(language, "javascript1.7") |
| 143 languages.add("javascript1.5"); | 143 || equalIgnoringCase(language, "livescript") |
| 144 languages.add("javascript1.6"); | 144 || equalIgnoringCase(language, "ecmascript") |
| 145 languages.add("javascript1.7"); | 145 || equalIgnoringCase(language, "jscript"); |
| 146 languages.add("livescript"); | |
| 147 languages.add("ecmascript"); | |
| 148 languages.add("jscript"); | |
| 149 } | |
| 150 | |
| 151 return languages.contains(language); | |
| 152 } | 146 } |
| 153 | 147 |
| 154 void ScriptLoader::dispatchErrorEvent() | 148 void ScriptLoader::dispatchErrorEvent() |
| 155 { | 149 { |
| 156 m_element->dispatchEvent(Event::create(EventTypeNames::error)); | 150 m_element->dispatchEvent(Event::create(EventTypeNames::error)); |
| 157 } | 151 } |
| 158 | 152 |
| 159 void ScriptLoader::dispatchLoadEvent() | 153 void ScriptLoader::dispatchLoadEvent() |
| 160 { | 154 { |
| 161 if (ScriptLoaderClient* client = this->client()) | 155 if (ScriptLoaderClient* client = this->client()) |
| 162 client->dispatchLoadEvent(); | 156 client->dispatchLoadEvent(); |
| 163 setHaveFiredLoadEvent(true); | 157 setHaveFiredLoadEvent(true); |
| 164 } | 158 } |
| 165 | 159 |
| 166 bool ScriptLoader::isScriptTypeSupported(LegacyTypeSupport supportLegacyTypes) c onst | 160 bool ScriptLoader::isValidScriptTypeAndLanguage(const String& type, const String & language, LegacyTypeSupport supportLegacyTypes) |
| 167 { | 161 { |
| 168 // FIXME: isLegacySupportedJavaScriptLanguage() is not valid HTML5. It is us ed here to maintain backwards compatibility with existing layout tests. The spec ific violations are: | 162 // FIXME: isLegacySupportedJavaScriptLanguage() is not valid HTML5. It is us ed here to maintain backwards compatibility with existing layout tests. The spec ific violations are: |
| 169 // - Allowing type=javascript. type= should only support MIME types, such as text/javascript. | 163 // - Allowing type=javascript. type= should only support MIME types, such as text/javascript. |
| 170 // - Allowing a different set of languages for language= and type=. language = supports Javascript 1.1 and 1.4-1.6, but type= does not. | 164 // - Allowing a different set of languages for language= and type=. language = supports Javascript 1.1 and 1.4-1.6, but type= does not. |
| 171 | |
| 172 String type = client()->typeAttributeValue(); | |
| 173 String language = client()->languageAttributeValue(); | |
| 174 if (type.isEmpty() && language.isEmpty()) | |
| 175 return true; // Assume text/javascript. | |
| 176 if (type.isEmpty()) { | 165 if (type.isEmpty()) { |
| 177 type = "text/" + language.lower(); | 166 return language.isEmpty() // assume text/javascript. |
| 178 if (MIMETypeRegistry::isSupportedJavaScriptMIMEType(type) || isLegacySup portedJavaScriptLanguage(language)) | 167 || MIMETypeRegistry::isSupportedJavaScriptMIMEType("text/" + languag e.lower()) |
|
Yoav Weiss
2016/06/30 09:37:50
Since we're already lowering, can we lower() once
Charlie Harrison
2016/06/30 12:47:12
Done.
| |
| 179 return true; | 168 || isLegacySupportedJavaScriptLanguage(language); |
| 180 } else if (RuntimeEnabledFeatures::moduleScriptsEnabled() && type == "module ") { | 169 } else if (RuntimeEnabledFeatures::moduleScriptsEnabled() && type == "module ") { |
| 181 return true; | 170 return true; |
| 182 } else if (MIMETypeRegistry::isSupportedJavaScriptMIMEType(type.stripWhiteSp ace()) || (supportLegacyTypes == AllowLegacyTypeInTypeAttribute && isLegacySuppo rtedJavaScriptLanguage(type))) { | 171 } else if (MIMETypeRegistry::isSupportedJavaScriptMIMEType(type.stripWhiteSp ace()) || (supportLegacyTypes == AllowLegacyTypeInTypeAttribute && isLegacySuppo rtedJavaScriptLanguage(type))) { |
| 183 return true; | 172 return true; |
| 184 } | 173 } |
| 185 | 174 |
| 186 return false; | 175 return false; |
| 187 } | 176 } |
| 188 | 177 |
| 178 bool ScriptLoader::isScriptTypeSupported(LegacyTypeSupport supportLegacyTypes) c onst | |
| 179 { | |
| 180 return isValidScriptTypeAndLanguage(client()->typeAttributeValue(), client() ->languageAttributeValue(), supportLegacyTypes); | |
| 181 } | |
| 182 | |
| 189 // http://dev.w3.org/html5/spec/Overview.html#prepare-a-script | 183 // http://dev.w3.org/html5/spec/Overview.html#prepare-a-script |
| 190 bool ScriptLoader::prepareScript(const TextPosition& scriptStartPosition, Legacy TypeSupport supportLegacyTypes) | 184 bool ScriptLoader::prepareScript(const TextPosition& scriptStartPosition, Legacy TypeSupport supportLegacyTypes) |
| 191 { | 185 { |
| 192 if (m_alreadyStarted) | 186 if (m_alreadyStarted) |
| 193 return false; | 187 return false; |
| 194 | 188 |
| 195 ScriptLoaderClient* client = this->client(); | 189 ScriptLoaderClient* client = this->client(); |
| 196 | 190 |
| 197 bool wasParserInserted; | 191 bool wasParserInserted; |
| 198 if (m_parserInserted) { | 192 if (m_parserInserted) { |
| (...skipping 321 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 520 if (isHTMLScriptLoader(element)) | 514 if (isHTMLScriptLoader(element)) |
| 521 return toHTMLScriptElement(element)->loader(); | 515 return toHTMLScriptElement(element)->loader(); |
| 522 | 516 |
| 523 if (isSVGScriptLoader(element)) | 517 if (isSVGScriptLoader(element)) |
| 524 return toSVGScriptElement(element)->loader(); | 518 return toSVGScriptElement(element)->loader(); |
| 525 | 519 |
| 526 return 0; | 520 return 0; |
| 527 } | 521 } |
| 528 | 522 |
| 529 } // namespace blink | 523 } // namespace blink |
| OLD | NEW |
