third_party/WebKit/Source/core/html/HTMLLinkElement.cpp - Issue 2418083002: Fix LinkStyle SRI check when against 0 sized resource.

Side by Side Diff: third_party/WebKit/Source/core/html/HTMLLinkElement.cpp

Issue 2418083002: Fix LinkStyle SRI check when against 0 sized resource. (Closed)

Patch Set: Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« third_party/WebKit/LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-check-for-zero-size-css.html ('K') | « third_party/WebKit/LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-check-for-zero-size-css-expected.txt ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 /*	1 /*

2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)	2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)

3 * (C) 1999 Antti Koivisto (koivisto@kde.org)	3 * (C) 1999 Antti Koivisto (koivisto@kde.org)

4 * (C) 2001 Dirk Mueller (mueller@kde.org)	4 * (C) 2001 Dirk Mueller (mueller@kde.org)

5 * Copyright (C) 2003, 2006, 2007, 2008, 2009, 2010 Apple Inc. All rights	5 * Copyright (C) 2003, 2006, 2007, 2008, 2009, 2010 Apple Inc. All rights

6 * reserved.	6 * reserved.

7 * Copyright (C) 2009 Rob Buis (rwlbuis@gmail.com)	7 * Copyright (C) 2009 Rob Buis (rwlbuis@gmail.com)

8 * Copyright (C) 2011 Google Inc. All rights reserved.	8 * Copyright (C) 2011 Google Inc. All rights reserved.

9 *	9 *

10 * This library is free software; you can redistribute it and/or	10 * This library is free software; you can redistribute it and/or

(...skipping 416 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
427 }	427 }

428	428

429 // See the comment in PendingScript.cpp about why this check is necessary	429 // See the comment in PendingScript.cpp about why this check is necessary

430 // here, instead of in the resource fetcher. https://crbug.com/500701.	430 // here, instead of in the resource fetcher. https://crbug.com/500701.

431 if (!cachedStyleSheet->errorOccurred() &&	431 if (!cachedStyleSheet->errorOccurred() &&

432 !m_owner->fastGetAttribute(HTMLNames::integrityAttr).isEmpty() &&	432 !m_owner->fastGetAttribute(HTMLNames::integrityAttr).isEmpty() &&

433 !cachedStyleSheet->integrityMetadata().isEmpty()) {	433 !cachedStyleSheet->integrityMetadata().isEmpty()) {

434 ResourceIntegrityDisposition disposition =	434 ResourceIntegrityDisposition disposition =

435 cachedStyleSheet->integrityDisposition();	435 cachedStyleSheet->integrityDisposition();

436	436

437 DCHECK(disposition != ResourceIntegrityDisposition::NotChecked \|\|

438 !cachedStyleSheet->sheetText().isNull());

439

440 if (disposition == ResourceIntegrityDisposition::NotChecked &&	437 if (disposition == ResourceIntegrityDisposition::NotChecked &&

441 !cachedStyleSheet->loadFailedOrCanceled()) {	438 !cachedStyleSheet->loadFailedOrCanceled()) {

442 DCHECK(cachedStyleSheet->resourceBuffer());	439 bool checkResult;

443 if (SubresourceIntegrity::CheckSubresourceIntegrity(	440 if (cachedStyleSheet->resourceBuffer()) {
	jww 2016/10/14 17:42:11 nit: This could be simplified by having a const ch nit: This could be simplified by having a const char* data and size_t size variables that are set based on if there is a resourceBuffer or not, and then having one call to SubresourceIntegrity::CheckSubresourceIntegrity(). Definitely a style preference, though, so whatever you prefer. kouhei (in TOK) 2016/10/17 01:23:38 Done. Show quoted text On 2016/10/14 17:42:11, jww wrote: > nit: This could be simplified by having a const char* data and size_t size > variables that are set based on if there is a resourceBuffer or not, and then > having one call to SubresourceIntegrity::CheckSubresourceIntegrity(). > > Definitely a style preference, though, so whatever you prefer. Done.
444 *m_owner, cachedStyleSheet->resourceBuffer()->data(),	441 checkResult = SubresourceIntegrity::CheckSubresourceIntegrity(

445 cachedStyleSheet->resourceBuffer()->size(), KURL(baseURL, href),	442 *m_owner, cachedStyleSheet->resourceBuffer()->data(),

446 *cachedStyleSheet))	443 cachedStyleSheet->resourceBuffer()->size(), KURL(baseURL, href),

447 disposition = ResourceIntegrityDisposition::Passed;	444 *cachedStyleSheet);

448 else	445 } else {

449 disposition = ResourceIntegrityDisposition::Failed;	446 // If resourceBuffer is nullptr, the resource content-size was 0.

	447 checkResult = SubresourceIntegrity::CheckSubresourceIntegrity(

	448 m_owner, nullptr, 0, KURL(baseURL, href), cachedStyleSheet);

	449 }

	450 disposition = checkResult ? ResourceIntegrityDisposition::Passed

	451 : ResourceIntegrityDisposition::Failed;

450	452

451 // TODO(kouhei): Remove this const_cast crbug.com/653502	453 // TODO(kouhei): Remove this const_cast crbug.com/653502

452 const_cast<CSSStyleSheetResource*>(cachedStyleSheet)	454 const_cast<CSSStyleSheetResource*>(cachedStyleSheet)

453 ->setIntegrityDisposition(disposition);	455 ->setIntegrityDisposition(disposition);

454 }	456 }

455	457

456 if (disposition == ResourceIntegrityDisposition::Failed) {	458 if (disposition == ResourceIntegrityDisposition::Failed) {

457 m_loading = false;	459 m_loading = false;

458 removePendingSheet();	460 removePendingSheet();

459 notifyLoadedSheetAndAllCriticalSubresources(	461 notifyLoadedSheetAndAllCriticalSubresources(

(...skipping 302 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
762 removePendingSheet();	764 removePendingSheet();

763 }	765 }

764	766

765 DEFINE_TRACE(LinkStyle) {	767 DEFINE_TRACE(LinkStyle) {

766 visitor->trace(m_sheet);	768 visitor->trace(m_sheet);

767 LinkResource::trace(visitor);	769 LinkResource::trace(visitor);

768 ResourceOwner<StyleSheetResource>::trace(visitor);	770 ResourceOwner<StyleSheetResource>::trace(visitor);

769 }	771 }

770	772

771 } // namespace blink	773 } // namespace blink

OLD	NEW