RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 12:38:12 +00:00
Code Issues Activity Actions

LibWeb: Implement more close to spec javascript mime type checking

Browse source 
Previously we would simply check the an input string against a list of
mime type essences, ignoring that the input might not be a valid mime
type or contain parameters.

This patch moves the helpers into the MimeSniff namespace and properly
parses an input string before comparing the essence.
This commit is contained in:
networkException 2022-09-17 17:57:30 +02:00 committed by Andreas Kling
parent 93464d4e41
commit 297e293a3f
3 changed files with 39 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

10
Userland/Libraries/LibWeb/HTML/HTMLScriptElement.cpp
View file

@ -17,6 +17,7 @@
#include <LibWeb/HTML/Scripting/ClassicScript.h> #include <LibWeb/HTML/Scripting/ClassicScript.h>
#include <LibWeb/Infra/CharacterTypes.h> #include <LibWeb/Infra/CharacterTypes.h>
#include <LibWeb/Loader/ResourceLoader.h> #include <LibWeb/Loader/ResourceLoader.h>
#include <LibWeb/MimeSniff/MimeType.h>
namespace Web::HTML { namespace Web::HTML {
@ -108,13 +109,6 @@ void HTMLScriptElement::execute_script()
dispatch_event(*DOM::Event::create(realm(), HTML::EventNames::load)); dispatch_event(*DOM::Event::create(realm(), HTML::EventNames::load));
} }
// https://mimesniff.spec.whatwg.org/#javascript-mime-type-essence-match
static bool is_javascript_mime_type_essence_match(String const& string)
{
auto lowercase_string = string.to_lowercase();
return lowercase_string.is_one_of("application/ecmascript", "application/javascript", "application/x-ecmascript", "application/x-javascript", "text/ecmascript", "text/javascript", "text/javascript1.0", "text/javascript1.1", "text/javascript1.2", "text/javascript1.3", "text/javascript1.4", "text/javascript1.5", "text/jscript", "text/livescript", "text/x-ecmascript", "text/x-javascript");
}
// https://html.spec.whatwg.org/multipage/scripting.html#prepare-a-script // https://html.spec.whatwg.org/multipage/scripting.html#prepare-a-script
void HTMLScriptElement::prepare_script() void HTMLScriptElement::prepare_script()
{ {
@ -169,7 +163,7 @@ void HTMLScriptElement::prepare_script()
} }
// Determine the script's type as follows: // Determine the script's type as follows:
if (is_javascript_mime_type_essence_match(script_block_type.trim(Infra::ASCII_WHITESPACE))) { if (MimeSniff::is_javascript_mime_type_essence_match(script_block_type.trim(Infra::ASCII_WHITESPACE))) {
// - If the script block's type string with leading and trailing ASCII whitespace stripped is a JavaScript MIME type essence match, the script's type is "classic". // - If the script block's type string with leading and trailing ASCII whitespace stripped is a JavaScript MIME type essence match, the script's type is "classic".
m_script_type = ScriptType::Classic; m_script_type = ScriptType::Classic;
} else if (script_block_type.equals_ignoring_case("module"sv)) { } else if (script_block_type.equals_ignoring_case("module"sv)) {

33
Userland/Libraries/LibWeb/MimeSniff/MimeType.cpp
View file

@ -1,6 +1,7 @@
/* /*
* Copyright (c) 2022, Luke Wilde <lukew@serenityos.org> * Copyright (c) 2022, Luke Wilde <lukew@serenityos.org>
* Copyright (c) 2022, Linus Groh <linusg@serenityos.org> * Copyright (c) 2022, Linus Groh <linusg@serenityos.org>
* Copyright (c) 2022, networkException <networkexception@serenityos.org>
* *
* SPDX-License-Identifier: BSD-2-Clause * SPDX-License-Identifier: BSD-2-Clause
*/ */
@ -13,6 +14,16 @@
namespace Web::MimeSniff { namespace Web::MimeSniff {
// https://mimesniff.spec.whatwg.org/#javascript-mime-type-essence-match
bool is_javascript_mime_type_essence_match(String const& string)
{
// NOTE: The mime type parser automatically lowercases the essence.
auto type = MimeType::from_string(string);
if (!type.has_value())
return false;
return type->is_javascript();
}
static bool contains_only_http_quoted_string_token_code_points(StringView string) static bool contains_only_http_quoted_string_token_code_points(StringView string)
{ {
// https://mimesniff.spec.whatwg.org/#http-quoted-string-token-code-point // https://mimesniff.spec.whatwg.org/#http-quoted-string-token-code-point
@ -221,4 +232,26 @@ void MimeType::set_parameter(String const& name, String const& value)
m_parameters.set(name, value); m_parameters.set(name, value);
} }
// https://mimesniff.spec.whatwg.org/#javascript-mime-type
bool MimeType::is_javascript() const
{
return essence().is_one_of(
"application/ecmascript"sv,
"application/javascript"sv,
"application/x-ecmascript"sv,
"application/x-javascript"sv,
"text/ecmascript"sv,
"text/javascript"sv,
"text/javascript1.0"sv,
"text/javascript1.1"sv,
"text/javascript1.2"sv,
"text/javascript1.3"sv,
"text/javascript1.4"sv,
"text/javascript1.5"sv,
"text/jscript"sv,
"text/livescript"sv,
"text/x-ecmascript"sv,
"text/x-javascript"sv);
}
} }

4
Userland/Libraries/LibWeb/MimeSniff/MimeType.h
View file

@ -12,6 +12,8 @@
namespace Web::MimeSniff { namespace Web::MimeSniff {
bool is_javascript_mime_type_essence_match(String const&);
// https://mimesniff.spec.whatwg.org/#mime-type // https://mimesniff.spec.whatwg.org/#mime-type
class MimeType { class MimeType {
public: public:
@ -24,6 +26,8 @@ public:
String const& subtype() const { return m_subtype; } String const& subtype() const { return m_subtype; }
OrderedHashMap<String, String> const& parameters() const { return m_parameters; } OrderedHashMap<String, String> const& parameters() const { return m_parameters; }
bool is_javascript() const;
void set_parameter(String const& name, String const& value); void set_parameter(String const& name, String const& value);
String essence() const; String essence() const;