diff options
| author | Moonchild <mcwerewolf@gmail.com> | 2018-04-03 23:11:28 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-04-03 23:11:28 +0200 |
| commit | 3cdf6463345a7c15c10d444dfdc1d6f3da46ae84 (patch) | |
| tree | 5d2154765f4117040b5a6452acc66bb413267bb1 | |
| parent | 0214272da2cb0b9ffa253ddfa5f0c4eaf2c7bde8 (diff) | |
| parent | 78ed508bbe3b7afd3e3f5c8d9110c92e71c6a8ee (diff) | |
| download | palemoon-gre-3cdf6463345a7c15c10d444dfdc1d6f3da46ae84.tar.gz | |
Merge pull request #1661 from JustOff/PR_nosniff_JavascriptMIMEType
Align XCTO: nosniff allowed script MIME types with the spec
| -rw-r--r-- | dom/base/nsContentUtils.cpp | 22 | ||||
| -rw-r--r-- | dom/base/nsContentUtils.h | 5 | ||||
| -rw-r--r-- | netwerk/protocol/http/nsHttpChannel.cpp | 2 |
3 files changed, 8 insertions, 21 deletions
diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp index 3d7d99a4a..d944c4140 100644 --- a/dom/base/nsContentUtils.cpp +++ b/dom/base/nsContentUtils.cpp @@ -3438,20 +3438,6 @@ nsContentUtils::IsChildOfSameType(nsIDocument* aDoc) return sameTypeParent != nullptr; } -bool -nsContentUtils::IsScriptType(const nsACString& aContentType) -{ - // NOTE: if you add a type here, add it to the CONTENTDLF_CATEGORIES - // define in nsContentDLF.h as well. - return aContentType.EqualsLiteral(APPLICATION_JAVASCRIPT) || - aContentType.EqualsLiteral(APPLICATION_XJAVASCRIPT) || - aContentType.EqualsLiteral(TEXT_ECMASCRIPT) || - aContentType.EqualsLiteral(APPLICATION_ECMASCRIPT) || - aContentType.EqualsLiteral(TEXT_JAVASCRIPT) || - aContentType.EqualsLiteral(APPLICATION_JSON) || - aContentType.EqualsLiteral(TEXT_JSON); -} - bool nsContentUtils::IsPlainTextType(const nsACString& aContentType) { @@ -3461,7 +3447,13 @@ nsContentUtils::IsPlainTextType(const nsACString& aContentType) aContentType.EqualsLiteral(TEXT_CSS) || aContentType.EqualsLiteral(TEXT_CACHE_MANIFEST) || aContentType.EqualsLiteral(TEXT_VTT) || - IsScriptType(aContentType); + aContentType.EqualsLiteral(APPLICATION_JAVASCRIPT) || + aContentType.EqualsLiteral(APPLICATION_XJAVASCRIPT) || + aContentType.EqualsLiteral(TEXT_ECMASCRIPT) || + aContentType.EqualsLiteral(APPLICATION_ECMASCRIPT) || + aContentType.EqualsLiteral(TEXT_JAVASCRIPT) || + aContentType.EqualsLiteral(APPLICATION_JSON) || + aContentType.EqualsLiteral(TEXT_JSON); } bool diff --git a/dom/base/nsContentUtils.h b/dom/base/nsContentUtils.h index 4ad84e34a..6b00c301f 100644 --- a/dom/base/nsContentUtils.h +++ b/dom/base/nsContentUtils.h @@ -876,11 +876,6 @@ public: static bool IsChildOfSameType(nsIDocument* aDoc); /** - '* Returns true if the content-type is any of the supported script types. - */ - static bool IsScriptType(const nsACString& aContentType); - - /** '* Returns true if the content-type will be rendered as plain-text. */ static bool IsPlainTextType(const nsACString& aContentType); diff --git a/netwerk/protocol/http/nsHttpChannel.cpp b/netwerk/protocol/http/nsHttpChannel.cpp index f864a05f3..1c7865032 100644 --- a/netwerk/protocol/http/nsHttpChannel.cpp +++ b/netwerk/protocol/http/nsHttpChannel.cpp @@ -1385,7 +1385,7 @@ ProcessXCTO(nsHttpResponseHead* aResponseHead, nsILoadInfo* aLoadInfo) } if (aLoadInfo->GetContentPolicyType() == nsIContentPolicy::TYPE_SCRIPT) { - if (nsContentUtils::IsScriptType(contentType)) { + if (nsContentUtils::IsJavascriptMIMEType(NS_ConvertUTF8toUTF16(contentType))) { return NS_OK; } return NS_ERROR_CORRUPTED_CONTENT; |