
Side by Side Diff: third_party/WebKit/Source/core/dom/ClassicScript.cpp

Issue 2780463002: Introduce blink::Script (Closed)
Patch Set: style Created 3 years, 8 months ago
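--- a/third_party/WebKit/Source/core/dom/ClassicScript.cpp
+++ b/third_party/WebKit/Source/core/dom/ClassicScript.cpp
@@ -0,0 +1,105 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "core/dom/ClassicScript.h"
+
+#include "bindings/core/v8/ScriptController.h"
+#include "core/dom/Document.h"
+#include "core/frame/LocalFrame.h"
+#include "core/frame/UseCounter.h"
+#include "core/inspector/ConsoleMessage.h"
+#include "platform/loader/fetch/AccessControlStatus.h"
+#include "platform/network/mime/MIMETypeRegistry.h"
+
+namespace blink {
+
+namespace {
+
+void logScriptMIMEType(LocalFrame* frame,
+ScriptResource* resource,
+const String& mimeType,
+const SecurityOrigin* securityOrigin) {
+if (MIMETypeRegistry::isSupportedJavaScriptMIMEType(mimeType))
+return;
+bool isText = mimeType.startsWith("text/", TextCaseASCIIInsensitive);
+if (isText && MIMETypeRegistry::isLegacySupportedJavaScriptLanguage(
+mimeType.substring(5)))
+return;
+bool isSameOrigin = securityOrigin->canRequest(resource->url());
+bool isApplication =
+!isText && mimeType.startsWith("application/", TextCaseASCIIInsensitive);
+
+UseCounter::Feature feature =
+isSameOrigin
+? (isText ? UseCounter::SameOriginTextScript
+: isApplication ? UseCounter::SameOriginApplicationScript
+: UseCounter::SameOriginOtherScript)
+: (isText ? UseCounter::CrossOriginTextScript
+: isApplication ? UseCounter::CrossOriginApplicationScript
+: UseCounter::CrossOriginOtherScript);
+
+UseCounter::count(frame, feature);
+}
+
+} // namespace
+
+bool ClassicScript::isEmpty() const {
+return scriptSourceCode().isEmpty();
+}
+
+bool ClassicScript::checkMIMETypeBeforeRunScript(
+Document* contextDocument,
+const SecurityOrigin* securityOrigin) const {
+ScriptResource* resource = scriptSourceCode().resource();
+CHECK(resource);
+if (!ScriptResource::mimeTypeAllowedByNosniff(resource->response())) {
+contextDocument->addConsoleMessage(ConsoleMessage::create(
+SecurityMessageSource, ErrorMessageLevel,
+"Refused to execute script from '" + resource->url().elidedString() +
+"' because its MIME type ('" + resource->httpContentType() +
+"') is not executable, and strict MIME type checking is enabled."));
+return false;
+}
+
+String mimeType = resource->httpContentType();
+LocalFrame* frame = contextDocument->frame();
+if (mimeType.startsWith("image/") || mimeType == "text/csv" ||
+mimeType.startsWith("audio/") || mimeType.startsWith("video/")) {
+contextDocument->addConsoleMessage(ConsoleMessage::create(
+SecurityMessageSource, ErrorMessageLevel,
+"Refused to execute script from '" + resource->url().elidedString() +
+"' because its MIME type ('" + mimeType + "') is not executable."));
+if (mimeType.startsWith("image/"))
+UseCounter::count(frame, UseCounter::BlockedSniffingImageToScript);
+else if (mimeType.startsWith("audio/"))
+UseCounter::count(frame, UseCounter::BlockedSniffingAudioToScript);
+else if (mimeType.startsWith("video/"))
+UseCounter::count(frame, UseCounter::BlockedSniffingVideoToScript);
+else if (mimeType == "text/csv")
+UseCounter::count(frame, UseCounter::BlockedSniffingCSVToScript);
+return false;
+}
+
+logScriptMIMEType(frame, resource, mimeType, securityOrigin);
+return true;
+}
+
+void ClassicScript::runScript(LocalFrame* frame,
+const SecurityOrigin* securityOrigin) const {
+AccessControlStatus accessControlStatus = NotSharableCrossOrigin;
+const bool isExternalScript = scriptSourceCode().resource();
+if (!isExternalScript) {
+accessControlStatus = SharableCrossOrigin;
+} else {
+CHECK(scriptSourceCode().resource());
+accessControlStatus =
+scriptSourceCode().resource()->calculateAccessControlStatus(
+securityOrigin);
+}
+
+frame->script().executeScriptInMainWorld(scriptSourceCode(),
+accessControlStatus);
+}
+
+} // namespace blink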
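Review bot: The MIME blocklist in checkMIMETypeBeforeRunScript (new lines 67-68, repeated at 73-79) compares case-sensitively with `mimeType.startsWith("image/")` and `mimeType == "text/csv"`, while logScriptMIMEType in the same file passes `TextCaseASCIIInsensitive` for its prefix tests. Whether `resource->httpContentType()` already returns a lower-cased value is not visible in this file. If it does not, a mixed-case Content-Type would fall through to the `return true` path instead of being refused. Either make the enforcement checks explicit, e.g. `mimeType.startsWith("image/", TextCaseASCIIInsensitive)` and `equalIgnoringASCIICase(mimeType, "text/csv")`, or add a comment above line 67 stating that httpContentType() is normalized, if that is the contract. The two paths should visibly agree, since this block is the one that decides whether the script executes.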