
Side by Side Diff: third_party/WebKit/Source/core/dom/ScriptLoader.cpp

Issue 2689173002: Implement script MIME restrictions for X-Content-Type-Options: nosniff for Workers (Closed)
Patch Set: incorporated mkwst@'s comment Created 3 years, 10 months ago
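--- a/third_party/WebKit/Source/core/dom/ScriptLoader.cpp
+++ b/third_party/WebKit/Source/core/dom/ScriptLoader.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
 * (C) 1999 Antti Koivisto (koivisto@kde.org)
 * (C) 2001 Dirk Mueller (mueller@kde.org)
 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights
 * reserved.
 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Library General Public
@@ -473,21 +473,21 @@
 (!shouldBypassMainWorldCSP &&
 !csp->allowInlineScript(m_element, elementDocument->url(), nonce,
 m_startLineNumber, sourceCode.source()))) {
 return false;
 }
 
 if (m_isExternalScript) {
 ScriptResource* resource =
 m_resource ? m_resource.get() : sourceCode.resource();
 if (resource) {
-if (!resource->mimeTypeAllowedByNosniff()) {
+if (!ScriptResource::mimeTypeAllowedByNosniff(resource->response())) {
 contextDocument->addConsoleMessage(ConsoleMessage::create(
 SecurityMessageSource, ErrorMessageLevel,
 "Refused to execute script from '" +
 resource->url().elidedString() + "' because its MIME type ('" +
 resource->httpContentType() + "') is not executable, and "
 "strict MIME type checking is "
 "enabled."));
 return false;
 }
 
@@ -644,10 +644,10 @@
 if (isHTMLScriptLoader(element))
 return toHTMLScriptElement(element)->loader();
 
 if (isSVGScriptLoader(element))
 return toSVGScriptElement(element)->loader();
 
 return 0;
 }
 
 } // namespace blink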
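Review bot: At new line 483 the refusal is decided from `resource->response()`, but the console message at lines 486-490 still reports `resource->httpContentType()`, so the check and its diagnostic go through two different accessors. Whether those can ever disagree is not visible from this section; if they can, the logged MIME type would not be the value the nosniff check rejected, which makes a blocked script harder to triage. Consider reading the type from the same response that was checked, for example `resource->response().httpContentType()`. The enclosing function begins before line 473 and continues past line 493, so the rest of the external-script path is outside this review.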