corysanin/tubestation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug 1877792 - Part 11: Only allow expected mime types r=dom-worker-reviewers,dom-core,asuth,hsivonen

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D218558
This commit is contained in:
Jonatan Klemets
2024-08-22 14:21:52 +00:00
parent 939678147a
commit 2cb8c6cf67
4 changed files with 49 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
dom/script/ScriptLoader.cpp
View File

@@ -3868,6 +3868,25 @@ bool ScriptLoader::ShouldCompileOffThread(ScriptLoadRequest* aRequest) {
return false;
}
static bool MimeTypeMatchesExpectedModuleType(
nsIChannel* aChannel, JS::ModuleType expectedModuleType) {
nsAutoCString mimeType;
aChannel->GetContentType(mimeType);
NS_ConvertUTF8toUTF16 typeString(mimeType);
if (expectedModuleType == JS::ModuleType::JavaScript &&
nsContentUtils::IsJavascriptMIMEType(typeString)) {
return true;
}
if (expectedModuleType == JS::ModuleType::JSON &&
nsContentUtils::IsJsonMimeType(typeString)) {
return true;
}
return false;
}
nsresult ScriptLoader::PrepareLoadedRequest(ScriptLoadRequest* aRequest,
nsIIncrementalStreamLoader* aLoader,
nsresult aStatus) {
@@ -3959,12 +3978,9 @@ nsresult ScriptLoader::PrepareLoadedRequest(ScriptLoadRequest* aRequest,
if (aRequest->IsModuleRequest()) {
ModuleLoadRequest* request = aRequest->AsModuleRequest();
// When loading a module, only responses with a JavaScript MIME type are
// When loading a module, only responses with an expected MIME type are
// acceptable.
nsAutoCString mimeType;
channel->GetContentType(mimeType);
NS_ConvertUTF8toUTF16 typeString(mimeType);
if (!nsContentUtils::IsJavascriptMIMEType(typeString)) {
if (!MimeTypeMatchesExpectedModuleType(channel, request->mModuleType)) {
return NS_ERROR_FAILURE;
}