| Index: Source/core/dom/ScriptLoader.cpp
|
| diff --git a/Source/core/dom/ScriptLoader.cpp b/Source/core/dom/ScriptLoader.cpp
|
| index 694873aec75e9659d72d9c9cdd17ffaca8fa3231..803c2fb139a9f61437c1d90d77ea4d8dee99105e 100644
|
| --- a/Source/core/dom/ScriptLoader.cpp
|
| +++ b/Source/core/dom/ScriptLoader.cpp
|
| @@ -42,6 +42,7 @@
|
| #include "core/html/imports/HTMLImport.h"
|
| #include "core/html/parser/HTMLParserIdioms.h"
|
| #include "core/frame/LocalFrame.h"
|
| +#include "core/frame/SubresourceIntegrity.h"
|
| #include "core/frame/csp/ContentSecurityPolicy.h"
|
| #include "core/inspector/ConsoleMessage.h"
|
| #include "core/svg/SVGScriptElement.h"
|
| @@ -322,6 +323,10 @@ void ScriptLoader::executeScript(const ScriptSourceCode& sourceCode, double* com
|
| contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMessageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->url().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable, and strict MIME type checking is enabled."));
|
| return;
|
| }
|
| +
|
| + // FIXME: On failure, SRI should probably provide an error message for the console.
|
| + if (!SubresourceIntegrity::CheckSubresourceIntegrity(*m_element, sourceCode.source(), sourceCode.resource()->url()))
|
| + return;
|
| }
|
|
|
| // FIXME: Can this be moved earlier in the function?
|
|
|
Chromium Code Reviews
Issue 566083003:
Implementation of subresource integrity attribute for secure origins. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master