
Unified Diff: third_party/WebKit/Source/core/dom/ScriptLoader.cpp

Issue 2099853002: Don't preload scripts with invalid type/language attributes (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 6 months ago
Index: third_party/WebKit/Source/core/dom/ScriptLoader.cpp
diff --git a/third_party/WebKit/Source/core/dom/ScriptLoader.cpp b/third_party/WebKit/Source/core/dom/ScriptLoader.cpp
index a8337a8df390e92e0f5c4ad23955a52e56086473..fb2b72a35b07cb6faec43c3d1e1e9b2dfb454c92 100644
--- a/third_party/WebKit/Source/core/dom/ScriptLoader.cpp
+++ b/third_party/WebKit/Source/core/dom/ScriptLoader.cpp
@@ -163,19 +163,17 @@ void ScriptLoader::dispatchLoadEvent()
setHaveFiredLoadEvent(true);
}
-bool ScriptLoader::isScriptTypeSupported(LegacyTypeSupport supportLegacyTypes) const
+// static
Yoav Weiss 2016/06/25 08:08:16 delete?
Charlie Harrison 2016/06/27 19:44:10 Done.
+bool ScriptLoader::isValidScriptTypeAndLanguage(const String& type, const String& language, LegacyTypeSupport supportLegacyTypes)
{
// FIXME: isLegacySupportedJavaScriptLanguage() is not valid HTML5. It is used here to maintain backwards compatibility with existing layout tests. The specific violations are:
// - Allowing type=javascript. type= should only support MIME types, such as text/javascript.
// - Allowing a different set of languages for language= and type=. language= supports Javascript 1.1 and 1.4-1.6, but type= does not.
- String type = client()->typeAttributeValue();
- String language = client()->languageAttributeValue();
if (type.isEmpty() && language.isEmpty())
Yoav Weiss 2016/06/25 08:08:16 nit: we can move the language.isEmpty() check to t
Charlie Harrison 2016/06/27 19:44:10 Done.
return true; // Assume text/javascript.
if (type.isEmpty()) {
- type = "text/" + language.lower();
- if (MIMETypeRegistry::isSupportedJavaScriptMIMEType(type) || isLegacySupportedJavaScriptLanguage(language))
+ if (MIMETypeRegistry::isSupportedJavaScriptMIMEType(type + language.lower()) || isLegacySupportedJavaScriptLanguage(language))
Yoav Weiss 2016/06/25 08:08:16 why "type + " here if type is empty? Did you mean
Charlie Harrison 2016/06/27 19:44:10 Oops. Fixed.
return true;
} else if (RuntimeEnabledFeatures::moduleScriptsEnabled() && type == "module") {
return true;
@@ -186,6 +184,11 @@ bool ScriptLoader::isScriptTypeSupported(LegacyTypeSupport supportLegacyTypes) c
return false;
}
+bool ScriptLoader::isScriptTypeSupported(LegacyTypeSupport supportLegacyTypes) const
+{
+ return isValidScriptTypeAndLanguage(client()->typeAttributeValue(), client()->languageAttributeValue(), supportLegacyTypes);
+}
+
// http://dev.w3.org/html5/spec/Overview.html#prepare-a-script
bool ScriptLoader::prepareScript(const TextPosition& scriptStartPosition, LegacyTypeSupport supportLegacyTypes)
{
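Review bot: The new static `isValidScriptTypeAndLanguage` in the first hunk carries no comment stating its contract, although it now decides script execution (through the `isScriptTypeSupported` wrapper in the second hunk) and, judging by the issue title, preloading as well. I would document it above the definition, for example `// Returns true if a <script> with these type/language attribute values is treated as JavaScript; both empty means text/javascript.` The comment should also say that callers must pass the attribute values in the same form that `client()->typeAttributeValue()` and `client()->languageAttributeValue()` return. Otherwise the preload decision can diverge from the execution decision, and a fetch may be issued for a script that will never run. The middle of the function body lies outside the visible hunks, so whether `type` is trimmed or case-folded there cannot be confirmed from this page.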