Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(368)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/dom/ScriptLoader.cpp

Issue 596043003: Basic console error messages for subresource integrity. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Fixed broken test expected values Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-invalid-integrity-expected.txt ('k') | Source/core/frame/SubresourceIntegrity.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
3 * (C) 1999 Antti Koivisto (koivisto@kde.org) 3 * (C) 1999 Antti Koivisto (koivisto@kde.org)
4 * (C) 2001 Dirk Mueller (mueller@kde.org) 4 * (C) 2001 Dirk Mueller (mueller@kde.org)
5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv ed. 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv ed.
6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> 6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org>
7 * 7 *
8 * This library is free software; you can redistribute it and/or 8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Library General Public 9 * modify it under the terms of the GNU Library General Public
10 * License as published by the Free Software Foundation; either 10 * License as published by the Free Software Foundation; either
(...skipping 306 matching lines...) Expand 10 before | Expand all | Expand 10 after
317 if (!m_isExternalScript && (!shouldBypassMainWorldCSP && !csp->allowInlineSc ript(elementDocument->url(), m_startLineNumber))) 317 if (!m_isExternalScript && (!shouldBypassMainWorldCSP && !csp->allowInlineSc ript(elementDocument->url(), m_startLineNumber)))
318 return; 318 return;
319 319
320 if (m_isExternalScript) { 320 if (m_isExternalScript) {
321 ScriptResource* resource = m_resource ? m_resource.get() : sourceCode.re source(); 321 ScriptResource* resource = m_resource ? m_resource.get() : sourceCode.re source();
322 if (resource && !resource->mimeTypeAllowedByNosniff()) { 322 if (resource && !resource->mimeTypeAllowedByNosniff()) {
323 contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMe ssageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->u rl().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable, and strict MIME type checking is enabled.")); 323 contextDocument->addConsoleMessage(ConsoleMessage::create(SecurityMe ssageSource, ErrorMessageLevel, "Refused to execute script from '" + resource->u rl().elidedString() + "' because its MIME type ('" + resource->mimeType() + "') is not executable, and strict MIME type checking is enabled."));
324 return; 324 return;
325 } 325 }
326 326
327 // FIXME: On failure, SRI should probably provide an error message for t he console.
328 if (!SubresourceIntegrity::CheckSubresourceIntegrity(*m_element, sourceC ode.source(), sourceCode.resource()->url())) 327 if (!SubresourceIntegrity::CheckSubresourceIntegrity(*m_element, sourceC ode.source(), sourceCode.resource()->url()))
329 return; 328 return;
330 } 329 }
331 330
332 // FIXME: Can this be moved earlier in the function? 331 // FIXME: Can this be moved earlier in the function?
333 // Why are we ever attempting to execute scripts without a frame? 332 // Why are we ever attempting to execute scripts without a frame?
334 if (!frame) 333 if (!frame)
335 return; 334 return;
336 335
337 const bool isImportedScript = contextDocument != elementDocument; 336 const bool isImportedScript = contextDocument != elementDocument;
(...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after
451 if (isHTMLScriptLoader(element)) 450 if (isHTMLScriptLoader(element))
452 return toHTMLScriptElement(element)->loader(); 451 return toHTMLScriptElement(element)->loader();
453 452
454 if (isSVGScriptLoader(element)) 453 if (isSVGScriptLoader(element))
455 return toSVGScriptElement(element)->loader(); 454 return toSVGScriptElement(element)->loader();
456 455
457 return 0; 456 return 0;
458 } 457 }
459 458
460 } 459 }
OLDNEW
« no previous file with comments | « LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-invalid-integrity-expected.txt ('k') | Source/core/frame/SubresourceIntegrity.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698