diff options
-rw-r--r-- | dom/base/nsContentUtils.cpp | 20 | ||||
-rw-r--r-- | dom/base/nsContentUtils.h | 7 | ||||
-rw-r--r-- | netwerk/protocol/http/nsHttpChannel.cpp | 2 | ||||
-rw-r--r-- | testing/web-platform/tests/fetch/nosniff/script.html | 4 |
4 files changed, 10 insertions, 23 deletions
diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp index 02c6bf1deb..ef87a250ec 100644 --- a/dom/base/nsContentUtils.cpp +++ b/dom/base/nsContentUtils.cpp @@ -3717,11 +3717,15 @@ nsContentUtils::IsChildOfSameType(nsIDocument* aDoc) } bool -nsContentUtils::IsScriptType(const nsACString& aContentType) +nsContentUtils::IsPlainTextType(const nsACString& aContentType) { // NOTE: if you add a type here, add it to the CONTENTDLF_CATEGORIES // define in nsContentDLF.h as well. - return aContentType.EqualsLiteral(APPLICATION_JAVASCRIPT) || + return aContentType.EqualsLiteral(TEXT_PLAIN) || + aContentType.EqualsLiteral(TEXT_CSS) || + aContentType.EqualsLiteral(TEXT_CACHE_MANIFEST) || + aContentType.EqualsLiteral(TEXT_VTT) || + aContentType.EqualsLiteral(APPLICATION_JAVASCRIPT) || aContentType.EqualsLiteral(APPLICATION_XJAVASCRIPT) || aContentType.EqualsLiteral(TEXT_ECMASCRIPT) || aContentType.EqualsLiteral(APPLICATION_ECMASCRIPT) || @@ -3731,18 +3735,6 @@ nsContentUtils::IsScriptType(const nsACString& aContentType) } bool -nsContentUtils::IsPlainTextType(const nsACString& aContentType) -{ - // NOTE: if you add a type here, add it to the CONTENTDLF_CATEGORIES - // define in nsContentDLF.h as well. - return aContentType.EqualsLiteral(TEXT_PLAIN) || - aContentType.EqualsLiteral(TEXT_CSS) || - aContentType.EqualsLiteral(TEXT_CACHE_MANIFEST) || - aContentType.EqualsLiteral(TEXT_VTT) || - IsScriptType(aContentType); -} - -bool nsContentUtils::GetWrapperSafeScriptFilename(nsIDocument* aDocument, nsIURI* aURI, nsACString& aScriptURI, diff --git a/dom/base/nsContentUtils.h b/dom/base/nsContentUtils.h index 0a293d73ea..0932f451e5 100644 --- a/dom/base/nsContentUtils.h +++ b/dom/base/nsContentUtils.h @@ -1018,12 +1018,7 @@ public: static bool IsChildOfSameType(nsIDocument* aDoc); /** - '* Returns true if the content-type is any of the supported script types. - */ - static bool IsScriptType(const nsACString& aContentType); - - /** - '* Returns true if the content-type will be rendered as plain-text. + * Returns true if the content-type will be rendered as plain-text. */ static bool IsPlainTextType(const nsACString& aContentType); diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp index ce0f45dabe..94b0d9bf93 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp @@ -1152,7 +1152,7 @@ ProcessXCTO(nsIURI* aURI, nsHttpResponseHead* aResponseHead, nsILoadInfo* aLoadI } if (aLoadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_SCRIPT) { - if (nsContentUtils::IsScriptType(contentType)) { + if (nsContentUtils::IsJavascriptMIMEType(NS_ConvertUTF8toUTF16(contentType))) { return NS_OK; } ReportTypeBlocking(aURI, aLoadInfo, "MimeTypeMismatch"); diff --git a/testing/web-platform/tests/fetch/nosniff/script.html b/testing/web-platform/tests/fetch/nosniff/script.html index 667f3c99a6..c5c5167f57 100644 --- a/testing/web-platform/tests/fetch/nosniff/script.html +++ b/testing/web-platform/tests/fetch/nosniff/script.html @@ -4,8 +4,8 @@ <script> var log = function() {}, // see comment below p = function() {}, // see comment below - fails = ["", "?type=", "?type=x", "?type=x/x"], - passes = ["?type=text/javascript", "?type=text/ecmascript", "?type=text/ecmascript;blah"] + fails = ["", "?type=", "?type=x", "?type=x/x", "?type=text/json"], + passes = ["?type=text/javascript", "?type=text/ecmascript", "?type=text/ecmascript;blah", "?type=text/javascript1.0"] // Ideally we'd also check whether the scripts in fact execute, but that would involve // timers and might get a bit racy without cross-browser support for the execute events. |