OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/dom/ClassicScript.h" | 5 #include "core/dom/ClassicScript.h" |
6 | 6 |
7 #include "bindings/core/v8/ScriptController.h" | 7 #include "bindings/core/v8/ScriptController.h" |
8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
9 #include "core/frame/LocalFrame.h" | 9 #include "core/frame/LocalFrame.h" |
10 #include "core/frame/UseCounter.h" | 10 #include "core/frame/UseCounter.h" |
11 #include "core/inspector/ConsoleMessage.h" | 11 #include "core/inspector/ConsoleMessage.h" |
12 #include "platform/loader/fetch/AccessControlStatus.h" | 12 #include "platform/loader/fetch/AccessControlStatus.h" |
13 #include "platform/network/mime/MIMETypeRegistry.h" | 13 #include "platform/network/mime/MIMETypeRegistry.h" |
14 | 14 |
15 namespace blink { | 15 namespace blink { |
16 | 16 |
17 namespace { | 17 namespace { |
18 | 18 |
19 void LogScriptMIMEType(LocalFrame* frame, | 19 void LogScriptMIMEType(LocalFrame* frame, |
20 ScriptResource* resource, | 20 const ScriptResourceData* resource, |
21 const String& mime_type, | 21 const String& mime_type, |
22 const SecurityOrigin* security_origin) { | 22 const SecurityOrigin* security_origin) { |
23 if (MIMETypeRegistry::IsSupportedJavaScriptMIMEType(mime_type)) | 23 if (MIMETypeRegistry::IsSupportedJavaScriptMIMEType(mime_type)) |
24 return; | 24 return; |
25 bool is_text = mime_type.StartsWithIgnoringASCIICase("text/"); | 25 bool is_text = mime_type.StartsWithIgnoringASCIICase("text/"); |
26 if (is_text && MIMETypeRegistry::IsLegacySupportedJavaScriptLanguage( | 26 if (is_text && MIMETypeRegistry::IsLegacySupportedJavaScriptLanguage( |
27 mime_type.Substring(5))) | 27 mime_type.Substring(5))) |
28 return; | 28 return; |
29 bool is_same_origin = security_origin->CanRequest(resource->Url()); | 29 bool is_same_origin = security_origin->CanRequest(resource->Url()); |
30 bool is_application = | 30 bool is_application = |
(...skipping 15 matching lines...) |
46 } // namespace | 46 } // namespace |
47 | 47 |
48 DEFINE_TRACE(ClassicScript) { | 48 DEFINE_TRACE(ClassicScript) { |
49 Script::Trace(visitor); | 49 Script::Trace(visitor); |
50 visitor->Trace(script_source_code_); | 50 visitor->Trace(script_source_code_); |
51 } | 51 } |
52 | 52 |
53 bool ClassicScript::CheckMIMETypeBeforeRunScript( | 53 bool ClassicScript::CheckMIMETypeBeforeRunScript( |
54 Document* context_document, | 54 Document* context_document, |
55 const SecurityOrigin* security_origin) const { | 55 const SecurityOrigin* security_origin) const { |
56 ScriptResource* resource = GetScriptSourceCode().GetResource(); | 56 const ScriptResourceData* resource = GetScriptSourceCode().GetResource(); |
57 CHECK(resource); | 57 CHECK(resource); |
58 | 58 |
59 if (!ScriptResource::MimeTypeAllowedByNosniff(resource->GetResponse())) { | 59 if (!ScriptResourceData::MimeTypeAllowedByNosniff(resource->GetResponse())) { |
60 context_document->AddConsoleMessage(ConsoleMessage::Create( | 60 context_document->AddConsoleMessage(ConsoleMessage::Create( |
61 kSecurityMessageSource, kErrorMessageLevel, | 61 kSecurityMessageSource, kErrorMessageLevel, |
62 "Refused to execute script from '" + resource->Url().ElidedString() + | 62 "Refused to execute script from '" + resource->Url().ElidedString() + |
63 "' because its MIME type ('" + resource->HttpContentType() + | 63 "' because its MIME type ('" + |
| 64 resource->GetResponse().HttpContentType() + |
64 "') is not executable, and " | 65 "') is not executable, and " |
65 "strict MIME type checking is " | 66 "strict MIME type checking is " |
66 "enabled.")); | 67 "enabled.")); |
67 return false; | 68 return false; |
68 } | 69 } |
69 | 70 |
70 String mime_type = resource->HttpContentType(); | 71 String mime_type = resource->GetResponse().HttpContentType(); |
71 LocalFrame* frame = context_document->GetFrame(); | 72 LocalFrame* frame = context_document->GetFrame(); |
72 if (mime_type.StartsWith("image/") || mime_type == "text/csv" || | 73 if (mime_type.StartsWith("image/") || mime_type == "text/csv" || |
73 mime_type.StartsWith("audio/") || mime_type.StartsWith("video/")) { | 74 mime_type.StartsWith("audio/") || mime_type.StartsWith("video/")) { |
74 context_document->AddConsoleMessage(ConsoleMessage::Create( | 75 context_document->AddConsoleMessage(ConsoleMessage::Create( |
75 kSecurityMessageSource, kErrorMessageLevel, | 76 kSecurityMessageSource, kErrorMessageLevel, |
76 "Refused to execute script from '" + resource->Url().ElidedString() + | 77 "Refused to execute script from '" + resource->Url().ElidedString() + |
77 "' because its MIME type ('" + mime_type + | 78 "' because its MIME type ('" + mime_type + |
78 "') is not executable.")); | 79 "') is not executable.")); |
79 if (mime_type.StartsWith("image/")) | 80 if (mime_type.StartsWith("image/")) |
80 UseCounter::Count(frame, WebFeature::kBlockedSniffingImageToScript); | 81 UseCounter::Count(frame, WebFeature::kBlockedSniffingImageToScript); |
(...skipping 22 matching lines...) |
103 CHECK(GetScriptSourceCode().GetResource()); | 104 CHECK(GetScriptSourceCode().GetResource()); |
104 access_control_status = | 105 access_control_status = |
105 GetScriptSourceCode().GetResource()->CalculateAccessControlStatus(); | 106 GetScriptSourceCode().GetResource()->CalculateAccessControlStatus(); |
106 } | 107 } |
107 | 108 |
108 frame->GetScriptController().ExecuteScriptInMainWorld(GetScriptSourceCode(), | 109 frame->GetScriptController().ExecuteScriptInMainWorld(GetScriptSourceCode(), |
109 access_control_status); | 110 access_control_status); |
110 } | 111 } |
111 | 112 |
112 } // namespace blink | 113 } // namespace blink |
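Review bot: The Content-Type is now read from the response twice in CheckMIMETypeBeforeRunScript, once inline in the nosniff console message (new line 64) and again to initialise `mime_type` (new line 71). Hoisting `const String mime_type = resource->GetResponse().HttpContentType();` above the nosniff check and reusing it in the first message would keep the reported value and the value tested against the `image/`, `audio/`, `video/` and `text/csv` blocklist on a single read. Those prefix tests are case-sensitive, while LogScriptMIMEType uses `StartsWithIgnoringASCIICase`, so the refusal gate relies on the response's `HttpContentType()` returning an already lower-cased type. Presumably it does, but a one-line comment stating that assumption would help now that the call no longer goes through `ScriptResource::HttpContentType()`. Parts of both functions are collapsed on this page, so this covers only the visible lines.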