Don't preload scripts with invalid type/language attributes

third_party/WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp

 /*
  * Copyright (C) 2008 Apple Inc. All Rights Reserved.
  * Copyright (C) 2009 Torch Mobile, Inc. http://www.torchmobile.com/
  * Copyright (C) 2010 Google Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
@@ skipping 16 matching lines @@
 
 #include "core/html/parser/HTMLPreloadScanner.h"
 
 #include "core/HTMLNames.h"
 #include "core/InputTypeNames.h"
 #include "core/css/MediaList.h"
 #include "core/css/MediaQueryEvaluator.h"
 #include "core/css/MediaValuesCached.h"
 #include "core/css/parser/SizesAttributeParser.h"
 #include "core/dom/Document.h"
+#include "core/dom/ScriptLoader.h"
 #include "core/fetch/IntegrityMetadata.h"
 #include "core/frame/LocalFrame.h"
 #include "core/frame/Settings.h"
 #include "core/frame/SubresourceIntegrity.h"
 #include "core/html/CrossOriginAttribute.h"
 #include "core/html/HTMLImageElement.h"
 #include "core/html/HTMLMetaElement.h"
 #include "core/html/LinkRelAttribute.h"
 #include "core/html/parser/HTMLParserIdioms.h"
 #include "core/html/parser/HTMLSrcsetParser.h"
@@ skipping 167 matching lines @@
             requestType = PreloadRequest::RequestTypePreconnect;
         } else {
             if (isLinkRelPreload()) {
                 requestType = PreloadRequest::RequestTypeLinkRelPreload;
             }
             if (!shouldPreload()) {
                 return nullptr;
             }
         }
 
-
         TextPosition position = TextPosition(source.currentLine(), source.currentColumn());
         FetchRequest::ResourceWidth resourceWidth;
         float sourceSize = m_sourceSize;
         bool sourceSizeSet = m_sourceSizeSet;
         if (pictureData.picked) {
             sourceSizeSet = pictureData.sourceSizeSet;
             sourceSize = pictureData.sourceSize;
         }
         if (sourceSizeSet) {
             resourceWidth.width = sourceSize;
@@ skipping 30 matching lines @@
         // Note that only scripts need to have the integrity metadata set on
         // preloads. This is because script resources fetches, and only script
         // resource fetches, need to re-request resources if a cached version
         // has different metadata (including empty) from the metadata on the
         // request. See the comment before the call to
         // mustRefetchDueToIntegrityMismatch() in
         // Source/core/fetch/ResourceFetcher.cpp for a more complete
         // explanation.
         else if (match(attributeName, integrityAttr))
             SubresourceIntegrity::parseIntegrityAttribute(attributeValue, m_integrityMetadata);
+        else if (match(attributeName, typeAttr))
+            m_typeAttributeValue = attributeValue;
+        else if (match(attributeName, languageAttr))
+            m_languageAttributeValue = attributeValue;
     }
 
     template<typename NameType>
     void processImgAttribute(const NameType& attributeName, const String& attributeValue)
     {
         if (match(attributeName, srcAttr) && m_imgSrcUrl.isNull()) {
             m_imgSrcUrl = attributeValue;
             setUrlToLoad(bestFitSourceForImageAttributes(m_mediaValues->devicePixelRatio(), m_sourceSize, attributeValue, m_srcsetImageCandidate), AllowURLReplacement);
         } else if (match(attributeName, crossoriginAttr)) {
             setCrossOrigin(attributeValue);
@@ skipping 148 matching lines @@
     bool shouldPreload() const
     {
         if (m_urlToLoad.isEmpty())
             return false;
         if (!m_matched)
             return false;
         if (match(m_tagImpl, linkTag) && !m_linkIsStyleSheet && !m_linkIsImport && !m_linkIsPreload)
             return false;
         if (match(m_tagImpl, inputTag) && !m_inputIsImage)
             return false;
+        if (match(m_tagImpl, scriptTag) && !ScriptLoader::isValidScriptTypeAndLanguage(m_typeAttributeValue, m_languageAttributeValue, ScriptLoader::AllowLegacyTypeInTypeAttribute))
+            return false;
         return true;
     }
 
     void setCrossOrigin(const String& corsSetting)
     {
         m_crossOrigin = crossOriginAttributeValue(corsSetting);
     }
 
     void setDefer(FetchRequest::DeferOption defer)
     {
@@ skipping 11 matching lines @@
     String m_charset;
     bool m_linkIsStyleSheet;
     bool m_linkIsPreconnect;
     bool m_linkIsPreload;
     bool m_linkIsImport;
     bool m_matched;
     bool m_inputIsImage;
     String m_imgSrcUrl;
     String m_srcsetAttributeValue;
     String m_asAttributeValue;
+    String m_typeAttributeValue;
+    String m_languageAttributeValue;
     float m_sourceSize;
     bool m_sourceSizeSet;
     FetchRequest::DeferOption m_defer;
     CrossOriginAttributeValue m_crossOrigin;
     Member<MediaValuesCached> m_mediaValues;
     bool m_referrerPolicySet;
     ReferrerPolicy m_referrerPolicy;
     IntegrityMetadataSet m_integrityMetadata;
 };
 
@@ skipping 325 matching lines @@
     ASSERT(document);
     doHtmlPreloadScanning = !document->settings() || document->settings()->doHtmlPreloadScanning();
     doDocumentWritePreloadScanning = doHtmlPreloadScanning && document->frame() && document->frame()->isMainFrame();
     defaultViewportMinWidth = document->viewportDefaultMinWidth();
     viewportMetaZeroValuesQuirk = document->settings() && document->settings()->viewportMetaZeroValuesQuirk();
     viewportMetaEnabled = document->settings() && document->settings()->viewportMetaEnabled();
     referrerPolicy = document->getReferrerPolicy();
 }
 
 } // namespace blink