OLD | NEW |
---|---|
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/dom/ClassicScript.h" | 5 #include "core/dom/ClassicScript.h" |
6 | 6 |
7 #include "bindings/core/v8/ScriptController.h" | 7 #include "bindings/core/v8/ScriptController.h" |
8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
9 #include "core/frame/LocalFrame.h" | 9 #include "core/frame/LocalFrame.h" |
10 #include "core/frame/UseCounter.h" | 10 #include "core/frame/UseCounter.h" |
11 #include "core/inspector/ConsoleMessage.h" | 11 #include "core/inspector/ConsoleMessage.h" |
12 #include "platform/loader/fetch/AccessControlStatus.h" | 12 #include "platform/loader/fetch/AccessControlStatus.h" |
13 #include "platform/network/mime/MIMETypeRegistry.h" | 13 #include "platform/network/mime/MIMETypeRegistry.h" |
14 | 14 |
15 namespace blink { | 15 namespace blink { |
16 | 16 |
17 namespace { | 17 namespace { |
18 | 18 |
19 void LogScriptMIMEType(LocalFrame* frame, | 19 void LogScriptMIMEType(LocalFrame* frame, |
20 ScriptResource* resource, | 20 const ScriptResourceData* resource, |
kinuko
2017/05/18 05:43:30
ditto
| |
21 const String& mime_type, | 21 const String& mime_type, |
22 const SecurityOrigin* security_origin) { | 22 const SecurityOrigin* security_origin) { |
23 if (MIMETypeRegistry::IsSupportedJavaScriptMIMEType(mime_type)) | 23 if (MIMETypeRegistry::IsSupportedJavaScriptMIMEType(mime_type)) |
24 return; | 24 return; |
25 bool is_text = mime_type.StartsWith("text/", kTextCaseASCIIInsensitive); | 25 bool is_text = mime_type.StartsWith("text/", kTextCaseASCIIInsensitive); |
26 if (is_text && MIMETypeRegistry::IsLegacySupportedJavaScriptLanguage( | 26 if (is_text && MIMETypeRegistry::IsLegacySupportedJavaScriptLanguage( |
27 mime_type.Substring(5))) | 27 mime_type.Substring(5))) |
28 return; | 28 return; |
29 bool is_same_origin = security_origin->CanRequest(resource->Url()); | 29 bool is_same_origin = security_origin->CanRequest(resource->Url()); |
30 bool is_application = | 30 bool is_application = |
(...skipping 20 matching lines...) | |
51 visitor->Trace(script_source_code_); | 51 visitor->Trace(script_source_code_); |
52 } | 52 } |
53 | 53 |
54 bool ClassicScript::IsEmpty() const { | 54 bool ClassicScript::IsEmpty() const { |
55 return GetScriptSourceCode().IsEmpty(); | 55 return GetScriptSourceCode().IsEmpty(); |
56 } | 56 } |
57 | 57 |
58 bool ClassicScript::CheckMIMETypeBeforeRunScript( | 58 bool ClassicScript::CheckMIMETypeBeforeRunScript( |
59 Document* context_document, | 59 Document* context_document, |
60 const SecurityOrigin* security_origin) const { | 60 const SecurityOrigin* security_origin) const { |
61 ScriptResource* resource = GetScriptSourceCode().GetResource(); | 61 const ScriptResourceData* resource = GetScriptSourceCode().GetResource(); |
62 CHECK(resource); | 62 CHECK(resource); |
63 | 63 |
64 if (!ScriptResource::MimeTypeAllowedByNosniff(resource->GetResponse())) { | 64 if (!ScriptResourceData::MimeTypeAllowedByNosniff(resource->GetResponse())) { |
65 context_document->AddConsoleMessage(ConsoleMessage::Create( | 65 context_document->AddConsoleMessage(ConsoleMessage::Create( |
66 kSecurityMessageSource, kErrorMessageLevel, | 66 kSecurityMessageSource, kErrorMessageLevel, |
67 "Refused to execute script from '" + resource->Url().ElidedString() + | 67 "Refused to execute script from '" + resource->Url().ElidedString() + |
68 "' because its MIME type ('" + resource->HttpContentType() + | 68 "' because its MIME type ('" + |
69 resource->GetResponse().HttpContentType() + | |
69 "') is not executable, and " | 70 "') is not executable, and " |
70 "strict MIME type checking is " | 71 "strict MIME type checking is " |
71 "enabled.")); | 72 "enabled.")); |
72 return false; | 73 return false; |
73 } | 74 } |
74 | 75 |
75 String mime_type = resource->HttpContentType(); | 76 String mime_type = resource->GetResponse().HttpContentType(); |
76 LocalFrame* frame = context_document->GetFrame(); | 77 LocalFrame* frame = context_document->GetFrame(); |
77 if (mime_type.StartsWith("image/") || mime_type == "text/csv" || | 78 if (mime_type.StartsWith("image/") || mime_type == "text/csv" || |
78 mime_type.StartsWith("audio/") || mime_type.StartsWith("video/")) { | 79 mime_type.StartsWith("audio/") || mime_type.StartsWith("video/")) { |
79 context_document->AddConsoleMessage(ConsoleMessage::Create( | 80 context_document->AddConsoleMessage(ConsoleMessage::Create( |
80 kSecurityMessageSource, kErrorMessageLevel, | 81 kSecurityMessageSource, kErrorMessageLevel, |
81 "Refused to execute script from '" + resource->Url().ElidedString() + | 82 "Refused to execute script from '" + resource->Url().ElidedString() + |
82 "' because its MIME type ('" + mime_type + | 83 "' because its MIME type ('" + mime_type + |
83 "') is not executable.")); | 84 "') is not executable.")); |
84 if (mime_type.StartsWith("image/")) | 85 if (mime_type.StartsWith("image/")) |
85 UseCounter::Count(frame, UseCounter::kBlockedSniffingImageToScript); | 86 UseCounter::Count(frame, UseCounter::kBlockedSniffingImageToScript); |
(...skipping 23 matching lines...) | |
109 access_control_status = | 110 access_control_status = |
110 GetScriptSourceCode().GetResource()->CalculateAccessControlStatus( | 111 GetScriptSourceCode().GetResource()->CalculateAccessControlStatus( |
111 security_origin); | 112 security_origin); |
112 } | 113 } |
113 | 114 |
114 frame->GetScriptController().ExecuteScriptInMainWorld(GetScriptSourceCode(), | 115 frame->GetScriptController().ExecuteScriptInMainWorld(GetScriptSourceCode(), |
115 access_control_status); | 116 access_control_status); |
116 } | 117 } |
117 | 118 |
118 } // namespace blink | 119 } // namespace blink |
OLD | NEW |
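Review bot: The blocklist in CheckMIMETypeBeforeRunScript (new lines 78-79) compares `mime_type` case-sensitively, while LogScriptMIMEType at line 25 passes `kTextCaseASCIIInsensitive` for the same kind of prefix test. MIME types are case-insensitive, and `mime_type` now comes from `resource->GetResponse().HttpContentType()` (new line 76), whose normalization is not visible on this page; if it does not lowercase the value, a mixed-case `image/`, `audio/`, `video/` or `text/csv` type would skip this refusal branch instead of being blocked. Either make the checks explicit, e.g. `mime_type.StartsWith("image/", kTextCaseASCIIInsensitive)` for the three prefixes and a case-insensitive comparison for `text/csv`, or, once confirmed, add a comment above line 76 such as `// HttpContentType() returns a lowercased MIME type; the checks below rely on it.` Part of the function body is elided from this view, so the rest of the branch was not checked.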