summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--dom/base/nsContentUtils.cpp20
-rw-r--r--dom/base/nsContentUtils.h7
-rw-r--r--netwerk/protocol/http/nsHttpChannel.cpp2
-rw-r--r--testing/web-platform/tests/fetch/nosniff/script.html4
4 files changed, 10 insertions, 23 deletions
diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp
index 02c6bf1deb..ef87a250ec 100644
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -3717,11 +3717,15 @@ nsContentUtils::IsChildOfSameType(nsIDocument* aDoc)
}
bool
-nsContentUtils::IsScriptType(const nsACString& aContentType)
+nsContentUtils::IsPlainTextType(const nsACString& aContentType)
{
// NOTE: if you add a type here, add it to the CONTENTDLF_CATEGORIES
// define in nsContentDLF.h as well.
- return aContentType.EqualsLiteral(APPLICATION_JAVASCRIPT) ||
+ return aContentType.EqualsLiteral(TEXT_PLAIN) ||
+ aContentType.EqualsLiteral(TEXT_CSS) ||
+ aContentType.EqualsLiteral(TEXT_CACHE_MANIFEST) ||
+ aContentType.EqualsLiteral(TEXT_VTT) ||
+ aContentType.EqualsLiteral(APPLICATION_JAVASCRIPT) ||
aContentType.EqualsLiteral(APPLICATION_XJAVASCRIPT) ||
aContentType.EqualsLiteral(TEXT_ECMASCRIPT) ||
aContentType.EqualsLiteral(APPLICATION_ECMASCRIPT) ||
@@ -3731,18 +3735,6 @@ nsContentUtils::IsScriptType(const nsACString& aContentType)
}
bool
-nsContentUtils::IsPlainTextType(const nsACString& aContentType)
-{
- // NOTE: if you add a type here, add it to the CONTENTDLF_CATEGORIES
- // define in nsContentDLF.h as well.
- return aContentType.EqualsLiteral(TEXT_PLAIN) ||
- aContentType.EqualsLiteral(TEXT_CSS) ||
- aContentType.EqualsLiteral(TEXT_CACHE_MANIFEST) ||
- aContentType.EqualsLiteral(TEXT_VTT) ||
- IsScriptType(aContentType);
-}
-
-bool
nsContentUtils::GetWrapperSafeScriptFilename(nsIDocument* aDocument,
nsIURI* aURI,
nsACString& aScriptURI,
diff --git a/dom/base/nsContentUtils.h b/dom/base/nsContentUtils.h
index 0a293d73ea..0932f451e5 100644
--- a/dom/base/nsContentUtils.h
+++ b/dom/base/nsContentUtils.h
@@ -1018,12 +1018,7 @@ public:
static bool IsChildOfSameType(nsIDocument* aDoc);
/**
- '* Returns true if the content-type is any of the supported script types.
- */
- static bool IsScriptType(const nsACString& aContentType);
-
- /**
- '* Returns true if the content-type will be rendered as plain-text.
+ * Returns true if the content-type will be rendered as plain-text.
*/
static bool IsPlainTextType(const nsACString& aContentType);
diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp
index ce0f45dabe..94b0d9bf93 100644
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -1152,7 +1152,7 @@ ProcessXCTO(nsIURI* aURI, nsHttpResponseHead* aResponseHead, nsILoadInfo* aLoadI
}
if (aLoadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_SCRIPT) {
- if (nsContentUtils::IsScriptType(contentType)) {
+ if (nsContentUtils::IsJavascriptMIMEType(NS_ConvertUTF8toUTF16(contentType))) {
return NS_OK;
}
ReportTypeBlocking(aURI, aLoadInfo, "MimeTypeMismatch");
diff --git a/testing/web-platform/tests/fetch/nosniff/script.html b/testing/web-platform/tests/fetch/nosniff/script.html
index 667f3c99a6..c5c5167f57 100644
--- a/testing/web-platform/tests/fetch/nosniff/script.html
+++ b/testing/web-platform/tests/fetch/nosniff/script.html
@@ -4,8 +4,8 @@
<script>
var log = function() {}, // see comment below
p = function() {}, // see comment below
- fails = ["", "?type=", "?type=x", "?type=x/x"],
- passes = ["?type=text/javascript", "?type=text/ecmascript", "?type=text/ecmascript;blah"]
+ fails = ["", "?type=", "?type=x", "?type=x/x", "?type=text/json"],
+ passes = ["?type=text/javascript", "?type=text/ecmascript", "?type=text/ecmascript;blah", "?type=text/javascript1.0"]
// Ideally we'd also check whether the scripts in fact execute, but that would involve
// timers and might get a bit racy without cross-browser support for the execute events.