|
|
Recommit Enable SRI only for same origin and CORS content
This fixes a memory leak and recommits the original patch in
https://codereview.chromium.org/954233003. The memory leak was caused by
bailing out of executeScript early on a integrity check failure, but
*after* pushCurrentScript() had been called (without calling
popCurrentScript()). This left the element dangling on the current
script stack without ever being popped, hence the memory leak.
As a solution, rather than calling popCurrentScript() early, this just
moves the access control check (and thus the bail out) before the script
is pushed on the stack. Thus, if a bail out occurs, there's no leak
because it was never on the stack. This matches how other failures and
bail outs in executeScript work as well.
R=mkwst@chromium.org
BUG= 438663
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=191789
|
Unified diffs |
Side-by-side diffs |
Delta from patch set |
Stats (+430 lines, -39 lines) |
Patch |
 |
M |
LayoutTests/http/tests/security/resources/cors-script.php
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/resources/cors-style.php
|
View
|
|
1 chunk |
+10 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-cors.html
|
View
|
|
1 chunk |
+21 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-cors-bad-integrity.html
|
View
|
|
1 chunk |
+21 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-cors-bad-integrity-expected.txt
|
View
|
|
1 chunk |
+5 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-cors-no-xorigin.html
|
View
|
|
1 chunk |
+21 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-cors-no-xorigin-expected.txt
|
View
|
|
1 chunk |
+5 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-no-cors.html
|
View
|
|
1 chunk |
+20 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-no-cors-bad-integrity.html
|
View
|
|
1 chunk |
+20 lines, -0 lines |
0 comments
|
Download
|
|
A + |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-no-cors-bad-integrity-expected.txt
|
View
|
|
1 chunk |
+3 lines, -2 lines |
0 comments
|
Download
|
|
A + |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-no-cors-expected.txt
|
View
|
|
1 chunk |
+3 lines, -2 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-no-cors-no-xorigin.html
|
View
|
|
1 chunk |
+21 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-no-cors-no-xorigin-expected.txt
|
View
|
|
1 chunk |
+5 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-no-cors-no-xorigin-with-creds.html
|
View
|
|
1 chunk |
+22 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-script-no-cors-no-xorigin-with-creds-expected.txt
|
View
|
|
1 chunk |
+5 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-style-cors.html
|
View
|
|
1 chunk |
+23 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-style-cors-bad-integrity.html
|
View
|
|
1 chunk |
+23 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-style-cors-no-xorigin.html
|
View
|
|
1 chunk |
+22 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-style-no-cors.html
|
View
|
|
1 chunk |
+23 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-style-no-cors-bad-integrity.html
|
View
|
|
1 chunk |
+23 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-style-no-cors-no-xorigin.html
|
View
|
|
1 chunk |
+22 lines, -0 lines |
0 comments
|
Download
|
|
A |
LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-style-no-cors-no-xorigin-with-creds.html
|
View
|
|
1 chunk |
+22 lines, -0 lines |
0 comments
|
Download
|
|
M |
Source/core/dom/ScriptLoader.cpp
|
View
|
|
3 chunks |
+11 lines, -7 lines |
0 comments
|
Download
|
|
M |
Source/core/fetch/Resource.h
|
View
|
|
1 chunk |
+4 lines, -2 lines |
0 comments
|
Download
|
|
M |
Source/core/fetch/Resource.cpp
|
View
|
|
1 chunk |
+8 lines, -2 lines |
0 comments
|
Download
|
|
M |
Source/core/fetch/ResourceFetcher.h
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
|
M |
Source/core/fetch/ResourceFetcher.cpp
|
View
|
|
2 chunks |
+2 lines, -2 lines |
0 comments
|
Download
|
|
M |
Source/core/fetch/ResourceLoader.cpp
|
View
|
|
2 chunks |
+2 lines, -1 line |
0 comments
|
Download
|
|
M |
Source/core/fetch/ResourceLoaderHost.h
|
View
|
|
1 chunk |
+5 lines, -1 line |
0 comments
|
Download
|
|
M |
Source/core/frame/SubresourceIntegrity.h
|
View
|
|
1 chunk |
+2 lines, -1 line |
0 comments
|
Download
|
|
M |
Source/core/frame/SubresourceIntegrity.cpp
|
View
|
|
3 chunks |
+7 lines, -1 line |
0 comments
|
Download
|
|
M |
Source/core/frame/SubresourceIntegrityTest.cpp
|
View
|
|
3 chunks |
+46 lines, -15 lines |
0 comments
|
Download
|
|
M |
Source/core/html/HTMLLinkElement.cpp
|
View
|
|
1 chunk |
+1 line, -1 line |
0 comments
|
Download
|
Total messages: 6 (2 generated)
|
Chromium Code Reviews
Issue
997153003:
Recommit Enable SRI only for same origin and CORS content (Closed)
