Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2025-02-25 20:01:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1843066 - Provide the nonce for speculative <script> preloads. r=smaug

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D183390
This commit is contained in:
Tom Schuster 2023-07-21 17:28:02 +00:00
parent ecff00a7ba
commit 115b5bd777
8 changed files with 46 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
dom/script/ScriptLoader.cpp
View File

@ -3542,14 +3542,12 @@ void ScriptLoader::ParsingComplete(bool aTerminated) {
}
}
void ScriptLoader::PreloadURI(nsIURI* aURI, const nsAString& aCharset,
const nsAString& aType,
const nsAString& aCrossOrigin,
const nsAString& aIntegrity, bool aScriptFromHead,
bool aAsync, bool aDefer, bool aNoModule,
bool aLinkPreload,
const ReferrerPolicy aReferrerPolicy,
uint64_t aEarlyHintPreloaderId) {
void ScriptLoader::PreloadURI(
nsIURI* aURI, const nsAString& aCharset, const nsAString& aType,
const nsAString& aCrossOrigin, const nsAString& aNonce,
const nsAString& aIntegrity, bool aScriptFromHead, bool aAsync, bool aDefer,
bool aNoModule, bool aLinkPreload, const ReferrerPolicy aReferrerPolicy,
uint64_t aEarlyHintPreloaderId) {
NS_ENSURE_TRUE_VOID(mDocument);
// Check to see if scripts has been turned off.
if (!mEnabled || !mDocument->IsScriptEnabled()) {
@ -3592,8 +3590,8 @@ void ScriptLoader::PreloadURI(nsIURI* aURI, const nsAString& aCharset,
// as a normal load.
RefPtr<ScriptLoadRequest> request =
CreateLoadRequest(scriptKind, aURI, nullptr, mDocument->NodePrincipal(),
Element::StringToCORSMode(aCrossOrigin),
/* aNonce = */ u""_ns, sriMetadata, aReferrerPolicy,
Element::StringToCORSMode(aCrossOrigin), aNonce,
sriMetadata, aReferrerPolicy,
aLinkPreload ? ParserMetadata::NotParserInserted
: ParserMetadata::ParserInserted);
request->GetScriptLoadContext()->mIsInline = false;

6
dom/script/ScriptLoader.h
View File

@ -378,9 +378,9 @@ class ScriptLoader final : public JS::loader::ScriptLoaderInterface {
*/
virtual void PreloadURI(nsIURI* aURI, const nsAString& aCharset,
const nsAString& aType, const nsAString& aCrossOrigin,
const nsAString& aIntegrity, bool aScriptFromHead,
bool aAsync, bool aDefer, bool aNoModule,
bool aLinkPreload,
const nsAString& aNonce, const nsAString& aIntegrity,
bool aScriptFromHead, bool aAsync, bool aDefer,
bool aNoModule, bool aLinkPreload,
const ReferrerPolicy aReferrerPolicy,
uint64_t aEarlyHintPreloaderId);

8
parser/html/nsHtml5SpeculativeLoad.cpp
View File

@ -63,7 +63,7 @@ void nsHtml5SpeculativeLoad::Perform(nsHtml5TreeOpExecutor* aExecutor) {
aExecutor->PreloadScript(
mUrlOrSizes, mCharsetOrSrcset,
mTypeOrCharsetSourceOrDocumentModeOrMetaCSPOrSizesOrIntegrity,
mCrossOrigin, mMedia, mReferrerPolicyOrIntegrity,
mCrossOrigin, mMedia, mNonce, mReferrerPolicyOrIntegrity,
mScriptReferrerPolicy, false, mIsAsync, mIsDefer, false,
mIsLinkPreload);
break;
@ -71,7 +71,7 @@ void nsHtml5SpeculativeLoad::Perform(nsHtml5TreeOpExecutor* aExecutor) {
aExecutor->PreloadScript(
mUrlOrSizes, mCharsetOrSrcset,
mTypeOrCharsetSourceOrDocumentModeOrMetaCSPOrSizesOrIntegrity,
mCrossOrigin, mMedia, mReferrerPolicyOrIntegrity,
mCrossOrigin, mMedia, mNonce, mReferrerPolicyOrIntegrity,
mScriptReferrerPolicy, true, mIsAsync, mIsDefer, false,
mIsLinkPreload);
break;
@ -79,7 +79,7 @@ void nsHtml5SpeculativeLoad::Perform(nsHtml5TreeOpExecutor* aExecutor) {
aExecutor->PreloadScript(
mUrlOrSizes, mCharsetOrSrcset,
mTypeOrCharsetSourceOrDocumentModeOrMetaCSPOrSizesOrIntegrity,
mCrossOrigin, mMedia, mReferrerPolicyOrIntegrity,
mCrossOrigin, mMedia, mNonce, mReferrerPolicyOrIntegrity,
mScriptReferrerPolicy, false, mIsAsync, mIsDefer, true,
mIsLinkPreload);
break;
@ -87,7 +87,7 @@ void nsHtml5SpeculativeLoad::Perform(nsHtml5TreeOpExecutor* aExecutor) {
aExecutor->PreloadScript(
mUrlOrSizes, mCharsetOrSrcset,
mTypeOrCharsetSourceOrDocumentModeOrMetaCSPOrSizesOrIntegrity,
mCrossOrigin, mMedia, mReferrerPolicyOrIntegrity,
mCrossOrigin, mMedia, mNonce, mReferrerPolicyOrIntegrity,
mScriptReferrerPolicy, true, mIsAsync, mIsDefer, true,
mIsLinkPreload);
break;

9
parser/html/nsHtml5SpeculativeLoad.h
View File

@ -168,7 +168,8 @@ class nsHtml5SpeculativeLoad {
inline void InitScript(nsHtml5String aUrl, nsHtml5String aCharset,
nsHtml5String aType, nsHtml5String aCrossOrigin,
nsHtml5String aMedia, nsHtml5String aIntegrity,
nsHtml5String aMedia, nsHtml5String aNonce,
nsHtml5String aIntegrity,
nsHtml5String aReferrerPolicy, bool aParserInHead,
bool aAsync, bool aDefer, bool aNoModule,
bool aLinkPreload) {
@ -187,6 +188,7 @@ class nsHtml5SpeculativeLoad {
mTypeOrCharsetSourceOrDocumentModeOrMetaCSPOrSizesOrIntegrity);
aCrossOrigin.ToString(mCrossOrigin);
aMedia.ToString(mMedia);
aNonce.ToString(mNonce);
aIntegrity.ToString(mReferrerPolicyOrIntegrity);
nsAutoString referrerPolicy;
aReferrerPolicy.ToString(referrerPolicy);
@ -406,6 +408,11 @@ class nsHtml5SpeculativeLoad {
* will be a void string.
*/
nsString mMedia;
/**
* If mOpCode is eSpeculativeLoadScript[FromHead] this represents the value
* of the "nonce" attribute.
*/
nsString mNonce;
/**
* If mOpCode is eSpeculativeLoadScript[FromHead] this represents the value
* of the "referrerpolicy" attribute. This field holds one of the values

22
parser/html/nsHtml5TreeBuilderCppSupplement.h
View File

@ -249,6 +249,8 @@ nsIContentHandle* nsHtml5TreeBuilder::createElement(
aAttributes->getValue(nsHtml5AttributeName::ATTR_CHARSET);
nsHtml5String crossOrigin =
aAttributes->getValue(nsHtml5AttributeName::ATTR_CROSSORIGIN);
nsHtml5String nonce =
aAttributes->getValue(nsHtml5AttributeName::ATTR_NONCE);
nsHtml5String integrity =
aAttributes->getValue(nsHtml5AttributeName::ATTR_INTEGRITY);
nsHtml5String referrerPolicy = aAttributes->getValue(
@ -260,7 +262,7 @@ nsIContentHandle* nsHtml5TreeBuilder::createElement(
bool noModule =
aAttributes->contains(nsHtml5AttributeName::ATTR_NOMODULE);
mSpeculativeLoadQueue.AppendElement()->InitScript(
url, charset, type, crossOrigin, /* aMedia = */ nullptr,
url, charset, type, crossOrigin, /* aMedia = */ nullptr, nonce,
integrity, referrerPolicy, mode == nsHtml5TreeBuilder::IN_HEAD,
async, defer, noModule, false);
mCurrentHtmlScriptIsAsyncOrDefer = async || defer;
@ -327,9 +329,10 @@ nsIContentHandle* nsHtml5TreeBuilder::createElement(
nsHtml5String type =
aAttributes->getValue(nsHtml5AttributeName::ATTR_TYPE);
mSpeculativeLoadQueue.AppendElement()->InitScript(
url, charset, type, crossOrigin, media, integrity,
referrerPolicy, mode == nsHtml5TreeBuilder::IN_HEAD,
false, false, false, true);
url, charset, type, crossOrigin, media,
/* aNonce */ nullptr, integrity, referrerPolicy,
mode == nsHtml5TreeBuilder::IN_HEAD, false, false, false,
true);
} else if (as.LowerCaseEqualsASCII("style")) {
mSpeculativeLoadQueue.AppendElement()->InitStyle(
url, charset, crossOrigin, media, referrerPolicy,
@ -376,9 +379,10 @@ nsIContentHandle* nsHtml5TreeBuilder::createElement(
nsHtml5String referrerPolicy = aAttributes->getValue(
nsHtml5AttributeName::ATTR_REFERRERPOLICY);
mSpeculativeLoadQueue.AppendElement()->InitScript(
url, charset, type, crossOrigin, media, integrity,
referrerPolicy, mode == nsHtml5TreeBuilder::IN_HEAD,
false, false, false, true);
url, charset, type, crossOrigin, media,
/* aNonce */ nullptr, integrity, referrerPolicy,
mode == nsHtml5TreeBuilder::IN_HEAD, false, false, false,
true);
}
}
}
@ -469,12 +473,14 @@ nsIContentHandle* nsHtml5TreeBuilder::createElement(
aAttributes->getValue(nsHtml5AttributeName::ATTR_TYPE);
nsHtml5String crossOrigin =
aAttributes->getValue(nsHtml5AttributeName::ATTR_CROSSORIGIN);
nsHtml5String nonce =
aAttributes->getValue(nsHtml5AttributeName::ATTR_NONCE);
nsHtml5String integrity =
aAttributes->getValue(nsHtml5AttributeName::ATTR_INTEGRITY);
nsHtml5String referrerPolicy = aAttributes->getValue(
nsHtml5AttributeName::ATTR_REFERRERPOLICY);
mSpeculativeLoadQueue.AppendElement()->InitScript(
url, nullptr, type, crossOrigin, /* aMedia = */ nullptr,
url, nullptr, type, crossOrigin, /* aMedia = */ nullptr, nonce,
integrity, referrerPolicy, mode == nsHtml5TreeBuilder::IN_HEAD,
false, false, false, false);
}

10
parser/html/nsHtml5TreeOpExecutor.cpp
View File

@ -1205,9 +1205,9 @@ dom::ReferrerPolicy nsHtml5TreeOpExecutor::GetPreloadReferrerPolicy(
void nsHtml5TreeOpExecutor::PreloadScript(
const nsAString& aURL, const nsAString& aCharset, const nsAString& aType,
const nsAString& aCrossOrigin, const nsAString& aMedia,
const nsAString& aIntegrity, dom::ReferrerPolicy aReferrerPolicy,
bool aScriptFromHead, bool aAsync, bool aDefer, bool aNoModule,
bool aLinkPreload) {
const nsAString& aNonce, const nsAString& aIntegrity,
dom::ReferrerPolicy aReferrerPolicy, bool aScriptFromHead, bool aAsync,
bool aDefer, bool aNoModule, bool aLinkPreload) {
nsCOMPtr<nsIURI> uri = ConvertIfNotPreloadedYetAndMediaApplies(aURL, aMedia);
if (!uri) {
return;
@ -1217,8 +1217,8 @@ void nsHtml5TreeOpExecutor::PreloadScript(
return;
}
mDocument->ScriptLoader()->PreloadURI(
uri, aCharset, aType, aCrossOrigin, aIntegrity, aScriptFromHead, aAsync,
aDefer, aNoModule, aLinkPreload,
uri, aCharset, aType, aCrossOrigin, aNonce, aIntegrity, aScriptFromHead,
aAsync, aDefer, aNoModule, aLinkPreload,
GetPreloadReferrerPolicy(aReferrerPolicy), 0);
}

3
parser/html/nsHtml5TreeOpExecutor.h
View File

@ -245,7 +245,8 @@ class nsHtml5TreeOpExecutor final
void PreloadScript(const nsAString& aURL, const nsAString& aCharset,
const nsAString& aType, const nsAString& aCrossOrigin,
const nsAString& aMedia, const nsAString& aIntegrity,
const nsAString& aMedia, const nsAString& aNonce,
const nsAString& aIntegrity,
ReferrerPolicy aReferrerPolicy, bool aScriptFromHead,
bool aAsync, bool aDefer, bool aNoModule,
bool aLinkPreload);

4
uriloader/preload/PreloadService.cpp
View File

@ -211,8 +211,8 @@ void PreloadService::PreloadScript(nsIURI* aURI, const nsAString& aType,
bool aScriptFromHead,
uint64_t aEarlyHintPreloaderId) {
mDocument->ScriptLoader()->PreloadURI(
aURI, aCharset, aType, aCrossOrigin, aIntegrity, aScriptFromHead, false,
false, false, true, PreloadReferrerPolicy(aReferrerPolicy),
aURI, aCharset, aType, aCrossOrigin, u""_ns, aIntegrity, aScriptFromHead,
false, false, false, true, PreloadReferrerPolicy(aReferrerPolicy),
aEarlyHintPreloaderId);
}