
Side by Side Diff: third_party/WebKit/Source/core/dom/ClassicScript.cpp

Issue 2780463002: Introduce blink::Script (Closed)
Patch Set: Rebase Created 3 years, 8 months ago
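--- a/third_party/WebKit/Source/core/dom/ClassicScript.cpp
+++ b/third_party/WebKit/Source/core/dom/ClassicScript.cpp
@@ -0,0 +1,122 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "core/dom/ClassicScript.h"
+
+#include "bindings/core/v8/ScriptController.h"
+#include "core/dom/Document.h"
+#include "core/frame/LocalFrame.h"
+#include "core/frame/UseCounter.h"
+#include "core/inspector/ConsoleMessage.h"
+#include "platform/loader/fetch/AccessControlStatus.h"
+#include "platform/network/mime/MIMETypeRegistry.h"
+
+namespace blink {
+
+namespace {
+
+void LogScriptMIMEType(LocalFrame* frame,
+ScriptResource* resource,
+const String& mime_type,
+const SecurityOrigin* security_origin) {
+if (MIMETypeRegistry::IsSupportedJavaScriptMIMEType(mime_type))
+return;
+bool is_text = mime_type.StartsWith("text/", kTextCaseASCIIInsensitive);
+if (is_text && MIMETypeRegistry::IsLegacySupportedJavaScriptLanguage(
+mime_type.Substring(5)))
+return;
+bool is_same_origin = security_origin->CanRequest(resource->Url());
+bool is_application =
+!is_text &&
+mime_type.StartsWith("application/", kTextCaseASCIIInsensitive);
+
+UseCounter::Feature feature =
+is_same_origin
+? (is_text ? UseCounter::kSameOriginTextScript
+: is_application ? UseCounter::kSameOriginApplicationScript
+: UseCounter::kSameOriginOtherScript)
+: (is_text
+? UseCounter::kCrossOriginTextScript
+: is_application ? UseCounter::kCrossOriginApplicationScript
+: UseCounter::kCrossOriginOtherScript);
+
+UseCounter::Count(frame, feature);
+}
+
+} // namespace
+
+DEFINE_TRACE(ClassicScript) {
+Script::Trace(visitor);
+visitor->Trace(script_source_code_);
+}
+
+DEFINE_TRACE_WRAPPERS(ClassicScript) {
+Script::TraceWrappers(visitor);
+}
+
+bool ClassicScript::IsEmpty() const {
+return GetScriptSourceCode().IsEmpty();
+}
+
+bool ClassicScript::CheckMIMETypeBeforeRunScript(
+Document* context_document,
+const SecurityOrigin* security_origin) const {
+ScriptResource* resource = GetScriptSourceCode().GetResource();
+CHECK(resource);
+
+if (!ScriptResource::MimeTypeAllowedByNosniff(resource->GetResponse())) {
+context_document->AddConsoleMessage(ConsoleMessage::Create(
+kSecurityMessageSource, kErrorMessageLevel,
+"Refused to execute script from '" + resource->Url().ElidedString() +
+"' because its MIME type ('" + resource->HttpContentType() +
+"') is not executable, and "
+"strict MIME type checking is "
+"enabled."));
+return false;
+}
+
+String mime_type = resource->HttpContentType();
+LocalFrame* frame = context_document->GetFrame();
+if (mime_type.StartsWith("image/") || mime_type == "text/csv" ||
+mime_type.StartsWith("audio/") || mime_type.StartsWith("video/")) {
+context_document->AddConsoleMessage(ConsoleMessage::Create(
+kSecurityMessageSource, kErrorMessageLevel,
+"Refused to execute script from '" + resource->Url().ElidedString() +
+"' because its MIME type ('" + mime_type +
+"') is not executable."));
+if (mime_type.StartsWith("image/"))
+UseCounter::Count(frame, UseCounter::kBlockedSniffingImageToScript);
+else if (mime_type.StartsWith("audio/"))
+UseCounter::Count(frame, UseCounter::kBlockedSniffingAudioToScript);
+else if (mime_type.StartsWith("video/"))
+UseCounter::Count(frame, UseCounter::kBlockedSniffingVideoToScript);
+else if (mime_type == "text/csv")
+UseCounter::Count(frame, UseCounter::kBlockedSniffingCSVToScript);
+return false;
+}
+
+LogScriptMIMEType(frame, resource, mime_type, security_origin);
+
+return true;
+}
+
+void ClassicScript::RunScript(LocalFrame* frame,
+const SecurityOrigin* security_origin) const {
+const bool is_external_script = GetScriptSourceCode().GetResource();
+
+AccessControlStatus access_control_status = kNotSharableCrossOrigin;
+if (!is_external_script) {
+access_control_status = kSharableCrossOrigin;
+} else {
+CHECK(GetScriptSourceCode().GetResource());
+access_control_status =
+GetScriptSourceCode().GetResource()->CalculateAccessControlStatus(
+security_origin);
+}
+
+frame->GetScriptController().ExecuteScriptInMainWorld(GetScriptSourceCode(),
+access_control_status);
+}
+
+} // namespace blink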
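Review bot: The block-list tests in `ClassicScript::CheckMIMETypeBeforeRunScript` (`mime_type.StartsWith("image/")`, `mime_type == "text/csv"`, and the `audio/` and `video/` checks) compare case-sensitively, while `LogScriptMIMEType` in the same file passes `kTextCaseASCIIInsensitive` for its prefix tests. MIME types are case-insensitive, so unless `HttpContentType()` already returns a lower-cased value (not visible in this file), a response labelled `Image/png` would skip the refusal branch and reach script execution. Either pass `kTextCaseASCIIInsensitive` to these `StartsWith` calls and use a case-insensitive comparison for `text/csv`, or state the invariant at the declaration, e.g. `// HttpContentType() is lower-cased, so exact matches below are sufficient.` The function also `CHECK`s that a resource exists, so a short header comment saying it may only be called for external scripts would make that precondition explicit.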