Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(339)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/core/dom/ClassicScript.cpp

Issue 2780463002: Introduce blink::Script (Closed)
Patch Set: style Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/Source/core/dom/ClassicScript.h ('k') | third_party/WebKit/Source/core/dom/ModuleScript.h » ('j') | third_party/WebKit/Source/core/dom/ModuleScript.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/core/dom/ClassicScript.cpp
diff --git a/third_party/WebKit/Source/core/dom/ClassicScript.cpp b/third_party/WebKit/Source/core/dom/ClassicScript.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..34d45b4aaaf7f8952428e928b75631812df3f829
--- /dev/null
+++ b/third_party/WebKit/Source/core/dom/ClassicScript.cpp
@@ -0,0 +1,105 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "core/dom/ClassicScript.h"
+
+#include "bindings/core/v8/ScriptController.h"
+#include "core/dom/Document.h"
+#include "core/frame/LocalFrame.h"
+#include "core/frame/UseCounter.h"
+#include "core/inspector/ConsoleMessage.h"
+#include "platform/loader/fetch/AccessControlStatus.h"
+#include "platform/network/mime/MIMETypeRegistry.h"
+
+namespace blink {
+
+namespace {
+
+void logScriptMIMEType(LocalFrame* frame,
+ ScriptResource* resource,
+ const String& mimeType,
+ const SecurityOrigin* securityOrigin) {
+ if (MIMETypeRegistry::isSupportedJavaScriptMIMEType(mimeType))
+ return;
+ bool isText = mimeType.startsWith("text/", TextCaseASCIIInsensitive);
+ if (isText && MIMETypeRegistry::isLegacySupportedJavaScriptLanguage(
+ mimeType.substring(5)))
+ return;
+ bool isSameOrigin = securityOrigin->canRequest(resource->url());
+ bool isApplication =
+ !isText && mimeType.startsWith("application/", TextCaseASCIIInsensitive);
+
+ UseCounter::Feature feature =
+ isSameOrigin
+ ? (isText ? UseCounter::SameOriginTextScript
+ : isApplication ? UseCounter::SameOriginApplicationScript
+ : UseCounter::SameOriginOtherScript)
+ : (isText ? UseCounter::CrossOriginTextScript
+ : isApplication ? UseCounter::CrossOriginApplicationScript
+ : UseCounter::CrossOriginOtherScript);
+
+ UseCounter::count(frame, feature);
+}
+
+} // namespace
+
+bool ClassicScript::isEmpty() const {
+ return scriptSourceCode().isEmpty();
+}
+
+bool ClassicScript::checkMIMETypeBeforeRunScript(
+ Document* contextDocument,
+ const SecurityOrigin* securityOrigin) const {
+ ScriptResource* resource = scriptSourceCode().resource();
+ CHECK(resource);
+ if (!ScriptResource::mimeTypeAllowedByNosniff(resource->response())) {
+ contextDocument->addConsoleMessage(ConsoleMessage::create(
+ SecurityMessageSource, ErrorMessageLevel,
+ "Refused to execute script from '" + resource->url().elidedString() +
+ "' because its MIME type ('" + resource->httpContentType() +
+ "') is not executable, and strict MIME type checking is enabled."));
+ return false;
+ }
+
+ String mimeType = resource->httpContentType();
+ LocalFrame* frame = contextDocument->frame();
+ if (mimeType.startsWith("image/") || mimeType == "text/csv" ||
+ mimeType.startsWith("audio/") || mimeType.startsWith("video/")) {
+ contextDocument->addConsoleMessage(ConsoleMessage::create(
+ SecurityMessageSource, ErrorMessageLevel,
+ "Refused to execute script from '" + resource->url().elidedString() +
+ "' because its MIME type ('" + mimeType + "') is not executable."));
+ if (mimeType.startsWith("image/"))
+ UseCounter::count(frame, UseCounter::BlockedSniffingImageToScript);
+ else if (mimeType.startsWith("audio/"))
+ UseCounter::count(frame, UseCounter::BlockedSniffingAudioToScript);
+ else if (mimeType.startsWith("video/"))
+ UseCounter::count(frame, UseCounter::BlockedSniffingVideoToScript);
+ else if (mimeType == "text/csv")
+ UseCounter::count(frame, UseCounter::BlockedSniffingCSVToScript);
+ return false;
+ }
+
+ logScriptMIMEType(frame, resource, mimeType, securityOrigin);
+ return true;
+}
+
+void ClassicScript::runScript(LocalFrame* frame,
+ const SecurityOrigin* securityOrigin) const {
+ AccessControlStatus accessControlStatus = NotSharableCrossOrigin;
+ const bool isExternalScript = scriptSourceCode().resource();
+ if (!isExternalScript) {
+ accessControlStatus = SharableCrossOrigin;
+ } else {
+ CHECK(scriptSourceCode().resource());
+ accessControlStatus =
+ scriptSourceCode().resource()->calculateAccessControlStatus(
+ securityOrigin);
+ }
+
+ frame->script().executeScriptInMainWorld(scriptSourceCode(),
+ accessControlStatus);
+}
+
+} // namespace blink
« no previous file with comments | « third_party/WebKit/Source/core/dom/ClassicScript.h ('k') | third_party/WebKit/Source/core/dom/ModuleScript.h » ('j') | third_party/WebKit/Source/core/dom/ModuleScript.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698