- Revision
- 216199
- Author
- dba...@webkit.org
- Date
- 2017-05-04 12:49:48 -0700 (Thu, 04 May 2017)
Log Message
Cleanup: Extract CachedScript::mimeTypeAllowedByNosniff() into a common function
https://bugs.webkit.org/show_bug.cgi?id=171678
Reviewed by Andy Estes.
Extract CachedScript::mimeTypeAllowedByNosniff() into a common function that can
be shared by LoadableClassicScript and WorkerScriptLoader.
No functionality was changed. So, no new tests.
* dom/LoadableClassicScript.cpp:
(WebCore::LoadableClassicScript::notifyFinished): Modified to use WebCore::isScriptAllowedByNosniff().
* loader/cache/CachedScript.cpp:
(WebCore::CachedScript::mimeType): Deleted; incorporated into WebCore::isScriptAllowedByNosniff().
(WebCore::CachedScript::mimeTypeAllowedByNosniff): Deleted; incorporated into WebCore::isScriptAllowedByNosniff().
* loader/cache/CachedScript.h:
* platform/network/ResourceResponseBase.cpp:
(WebCore::isScriptAllowedByNosniff): Added. Note that it is sufficient to extract the MIME type
as-is and query the MIME type registry because the MIME type registry performs look ups case-insensitively.
* platform/network/ResourceResponseBase.h:
* workers/WorkerScriptLoader.cpp:
(WebCore::WorkerScriptLoader::didReceiveResponse): Modified to use WebCore::isScriptAllowedByNosniff().
(WebCore::mimeTypeAllowedByNosniff): Deleted.
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (216198 => 216199)
--- trunk/Source/WebCore/ChangeLog 2017-05-04 18:39:03 UTC (rev 216198)
+++ trunk/Source/WebCore/ChangeLog 2017-05-04 19:49:48 UTC (rev 216199)
@@ -1,3 +1,29 @@
+2017-05-04 Daniel Bates <daba...@apple.com>
+
+ Cleanup: Extract CachedScript::mimeTypeAllowedByNosniff() into a common function
+ https://bugs.webkit.org/show_bug.cgi?id=171678
+
+ Reviewed by Andy Estes.
+
+ Extract CachedScript::mimeTypeAllowedByNosniff() into a common function that can
+ be shared by LoadableClassicScript and WorkerScriptLoader.
+
+ No functionality was changed. So, no new tests.
+
+ * dom/LoadableClassicScript.cpp:
+ (WebCore::LoadableClassicScript::notifyFinished): Modified to use WebCore::isScriptAllowedByNosniff().
+ * loader/cache/CachedScript.cpp:
+ (WebCore::CachedScript::mimeType): Deleted; incorporated into WebCore::isScriptAllowedByNosniff().
+ (WebCore::CachedScript::mimeTypeAllowedByNosniff): Deleted; incorporated into WebCore::isScriptAllowedByNosniff().
+ * loader/cache/CachedScript.h:
+ * platform/network/ResourceResponseBase.cpp:
+ (WebCore::isScriptAllowedByNosniff): Added. Note that it is sufficient to extract the MIME type
+ as-is and query the MIME type registry because the MIME type registry performs look ups case-insensitively.
+ * platform/network/ResourceResponseBase.h:
+ * workers/WorkerScriptLoader.cpp:
+ (WebCore::WorkerScriptLoader::didReceiveResponse): Modified to use WebCore::isScriptAllowedByNosniff().
+ (WebCore::mimeTypeAllowedByNosniff): Deleted.
+
2017-05-04 Sam Weinig <s...@webkit.org>
Make the [EnabledBySetting] extended attribute work for any attribute or operation on a prototype
Modified: trunk/Source/WebCore/dom/LoadableClassicScript.cpp (216198 => 216199)
--- trunk/Source/WebCore/dom/LoadableClassicScript.cpp 2017-05-04 18:39:03 UTC (rev 216198)
+++ trunk/Source/WebCore/dom/LoadableClassicScript.cpp 2017-05-04 19:49:48 UTC (rev 216199)
@@ -84,7 +84,7 @@
}
#if ENABLE(NOSNIFF)
- if (!m_error && !m_cachedScript->mimeTypeAllowedByNosniff()) {
+ if (!m_error && !isScriptAllowedByNosniff(m_cachedScript->response())) {
m_error = Error {
ErrorType::Nosniff,
ConsoleMessage {
Modified: trunk/Source/WebCore/loader/cache/CachedScript.cpp (216198 => 216199)
--- trunk/Source/WebCore/loader/cache/CachedScript.cpp 2017-05-04 18:39:03 UTC (rev 216198)
+++ trunk/Source/WebCore/loader/cache/CachedScript.cpp 2017-05-04 19:49:48 UTC (rev 216199)
@@ -30,9 +30,6 @@
#include "CachedResourceClient.h"
#include "CachedResourceClientWalker.h"
#include "CachedResourceRequest.h"
-#include "HTTPHeaderNames.h"
-#include "HTTPParsers.h"
-#include "MIMETypeRegistry.h"
#include "RuntimeApplicationChecks.h"
#include "SharedBuffer.h"
#include "TextResourceDecoder.h"
@@ -59,11 +56,6 @@
return m_decoder->encoding().name();
}
-String CachedScript::mimeType() const
-{
- return extractMIMETypeFromMediaType(m_response.httpHeaderField(HTTPHeaderName::ContentType)).convertToASCIILowercase();
-}
-
StringView CachedScript::script()
{
if (!m_data)
@@ -132,13 +124,6 @@
m_decoder = script.m_decoder;
}
-#if ENABLE(NOSNIFF)
-bool CachedScript::mimeTypeAllowedByNosniff() const
-{
- return parseContentTypeOptionsHeader(m_response.httpHeaderField(HTTPHeaderName::XContentTypeOptions)) != ContentTypeOptionsNosniff || MIMETypeRegistry::isSupportedJavaScriptMIMEType(mimeType());
-}
-#endif
-
bool CachedScript::shouldIgnoreHTTPStatusCodeErrors() const
{
#if PLATFORM(MAC)
Modified: trunk/Source/WebCore/loader/cache/CachedScript.h (216198 => 216199)
--- trunk/Source/WebCore/loader/cache/CachedScript.h 2017-05-04 18:39:03 UTC (rev 216198)
+++ trunk/Source/WebCore/loader/cache/CachedScript.h 2017-05-04 19:49:48 UTC (rev 216199)
@@ -39,13 +39,7 @@
StringView script();
unsigned scriptHash();
-#if ENABLE(NOSNIFF)
- bool mimeTypeAllowedByNosniff() const;
-#endif
-
private:
- String mimeType() const;
-
bool mayTryReplaceEncodedData() const final { return true; }
bool shouldIgnoreHTTPStatusCodeErrors() const final;
Modified: trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp (216198 => 216199)
--- trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp 2017-05-04 18:39:03 UTC (rev 216198)
+++ trunk/Source/WebCore/platform/network/ResourceResponseBase.cpp 2017-05-04 19:49:48 UTC (rev 216199)
@@ -30,6 +30,7 @@
#include "CacheValidation.h"
#include "HTTPHeaderNames.h"
#include "HTTPParsers.h"
+#include "MIMETypeRegistry.h"
#include "ParsedContentRange.h"
#include "ResourceResponse.h"
#include <wtf/CurrentTime.h>
@@ -39,6 +40,16 @@
namespace WebCore {
+#if ENABLE(NOSNIFF)
+bool isScriptAllowedByNosniff(const ResourceResponse& response)
+{
+ if (parseContentTypeOptionsHeader(response.httpHeaderField(HTTPHeaderName::XContentTypeOptions)) != ContentTypeOptionsNosniff)
+ return true;
+ String mimeType = extractMIMETypeFromMediaType(response.httpHeaderField(HTTPHeaderName::ContentType));
+ return MIMETypeRegistry::isSupportedJavaScriptMIMEType(mimeType);
+}
+#endif
+
ResourceResponseBase::ResourceResponseBase()
: m_isNull(true)
, m_expectedContentLength(0)
Modified: trunk/Source/WebCore/platform/network/ResourceResponseBase.h (216198 => 216199)
--- trunk/Source/WebCore/platform/network/ResourceResponseBase.h 2017-05-04 18:39:03 UTC (rev 216198)
+++ trunk/Source/WebCore/platform/network/ResourceResponseBase.h 2017-05-04 19:49:48 UTC (rev 216199)
@@ -38,6 +38,10 @@
class ResourceResponse;
+#if ENABLE(NOSNIFF)
+bool isScriptAllowedByNosniff(const ResourceResponse&);
+#endif
+
// Do not use this class directly, use the class ResponseResponse instead
class ResourceResponseBase {
WTF_MAKE_FAST_ALLOCATED;
Modified: trunk/Source/WebCore/workers/WorkerScriptLoader.cpp (216198 => 216199)
--- trunk/Source/WebCore/workers/WorkerScriptLoader.cpp 2017-05-04 18:39:03 UTC (rev 216198)
+++ trunk/Source/WebCore/workers/WorkerScriptLoader.cpp 2017-05-04 19:49:48 UTC (rev 216199)
@@ -28,8 +28,6 @@
#include "WorkerScriptLoader.h"
#include "ContentSecurityPolicy.h"
-#include "HTTPParsers.h"
-#include "MIMETypeRegistry.h"
#include "ResourceResponse.h"
#include "ScriptExecutionContext.h"
#include "TextResourceDecoder.h"
@@ -113,14 +111,6 @@
return request;
}
-#if ENABLE(NOSNIFF)
-static bool mimeTypeAllowedByNosniff(const ResourceResponse& response)
-{
- String mimeType = extractMIMETypeFromMediaType(response.httpHeaderField(HTTPHeaderName::ContentType));
- return parseContentTypeOptionsHeader(response.httpHeaderField(HTTPHeaderName::XContentTypeOptions)) != ContentTypeOptionsNosniff || MIMETypeRegistry::isSupportedJavaScriptMIMEType(mimeType);
-}
-#endif
-
void WorkerScriptLoader::didReceiveResponse(unsigned long identifier, const ResourceResponse& response)
{
if (response.httpStatusCode() / 100 != 2 && response.httpStatusCode()) {
@@ -129,7 +119,7 @@
}
#if ENABLE(NOSNIFF)
- if (!mimeTypeAllowedByNosniff(response)) {
+ if (!isScriptAllowedByNosniff(response)) {
m_failed = true;
return;
}