Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-06-06 16:45:39 +00:00
Code Issues Projects Releases Packages Wiki Activity

Handle crossorigin in link and refactor crossorigin handling

Browse source 
Implemented Step three and handled step four of obtain the resource part
of 4.2.4 The link element.
Link to spec : https://html.spec.whatwg.org/multipage/semantics.html#concept-link-obtain

Refactored crossOrigin handling in HTMLScriptElement, HTMLImageElement
This commit is contained in:
mrnayak 2017-01-13 23:35:00 +05:30
parent dc93a72997
commit 3d9e44a8c4
10 changed files with 81 additions and 202 deletions
Download patch file Download diff file Expand all files Collapse all files

33
components/script/dom/element.rs
View file

@ -79,6 +79,7 @@ use html5ever::serialize::TraversalScope;
use html5ever::serialize::TraversalScope::{ChildrenOnly, IncludeNode};
use html5ever_atoms::{Prefix, LocalName, Namespace, QualName};
use js::jsapi::{HandleValue, JSAutoCompartment};
use net_traits::request::CorsSettings;
use parking_lot::RwLock;
use ref_filter_map::ref_filter_map;
use script_layout_interface::message::ReflowQueryType;
@ -2897,3 +2898,35 @@ impl Runnable for ElementPerformFullscreenExit {
promise.resolve(promise.global().get_cx(), HandleValue::undefined());
}
}
pub fn reflect_cross_origin_attribute(element: &Element) -> Option<DOMString> {
let attr = element.get_attribute(&ns!(), &local_name!("crossorigin"));
if let Some(mut val) = attr.map(|v| v.Value()) {
val.make_ascii_lowercase();
if val == "anonymous" || val == "use-credentials" {
return Some(val);
}
return Some(DOMString::from("anonymous"));
}
None
}
pub fn set_cross_origin_attribute(element: &Element, value: Option<DOMString>) {
match value {
Some(val) => element.set_string_attribute(&local_name!("crossorigin"), val),
None => {
element.remove_attribute(&ns!(), &local_name!("crossorigin"));
}
}
}
pub fn cors_setting_for_element(element: &Element) -> Option<CorsSettings> {
reflect_cross_origin_attribute(element).map_or(None, |attr| {
match &*attr {
"anonymous" => Some(CorsSettings::Anonymous),
"use-credentials" => Some(CorsSettings::UseCredentials),
_ => unreachable!()
}
})
}

10
components/script/dom/htmlimageelement.rs
View file

@ -19,6 +19,7 @@ use dom::bindings::refcounted::Trusted;
use dom::bindings::str::DOMString;
use dom::document::Document;
use dom::element::{AttributeMutation, Element, RawLayoutElementHelpers};
use dom::element::{reflect_cross_origin_attribute, set_cross_origin_attribute};
use dom::event::Event;
use dom::eventtarget::EventTarget;
use dom::htmlareaelement::HTMLAreaElement;
@ -335,9 +336,14 @@ impl HTMLImageElementMethods for HTMLImageElement {
make_setter!(SetSrc, "src");
// https://html.spec.whatwg.org/multipage/#dom-img-crossOrigin
make_enumerated_getter!(CrossOrigin, "crossorigin", "anonymous", "use-credentials");
fn GetCrossOrigin(&self) -> Option<DOMString> {
reflect_cross_origin_attribute(self.upcast::<Element>())
}
// https://html.spec.whatwg.org/multipage/#dom-img-crossOrigin
make_setter!(SetCrossOrigin, "crossorigin");
fn SetCrossOrigin(&self, value: Option<DOMString>) {
set_cross_origin_attribute(self.upcast::<Element>(), value);
}
// https://html.spec.whatwg.org/multipage/#dom-img-usemap
make_getter!(UseMap, "usemap");

16
components/script/dom/htmllinkelement.rs
View file

@ -15,6 +15,7 @@ use dom::cssstylesheet::CSSStyleSheet;
use dom::document::Document;
use dom::domtokenlist::DOMTokenList;
use dom::element::{AttributeMutation, Element, ElementCreator};
use dom::element::{cors_setting_for_element, reflect_cross_origin_attribute, set_cross_origin_attribute};
use dom::globalscope::GlobalScope;
use dom::htmlelement::HTMLElement;
use dom::node::{Node, document_from_node, window_from_node};
@ -239,6 +240,9 @@ impl HTMLLinkElement {
let element = self.upcast::<Element>();
// Step 3
let cors_setting = cors_setting_for_element(element);
let mq_attribute = element.get_attribute(&ns!(), &local_name!("media"));
let value = mq_attribute.r().map(|a| a.value());
let mq_str = match value {
@ -262,7 +266,7 @@ impl HTMLLinkElement {
loader.load(StylesheetContextSource::LinkElement {
url: url,
media: Some(media),
}, integrity_metadata.to_owned());
}, cors_setting, integrity_metadata.to_owned());
}
fn handle_favicon_url(&self, rel: &str, href: &str, sizes: &Option<String>) {
@ -379,6 +383,16 @@ impl HTMLLinkElementMethods for HTMLLinkElement {
// https://html.spec.whatwg.org/multipage/#dom-link-target
make_setter!(SetTarget, "target");
// https://html.spec.whatwg.org/multipage/#dom-link-crossorigin
fn GetCrossOrigin(&self) -> Option<DOMString> {
reflect_cross_origin_attribute(self.upcast::<Element>())
}
// https://html.spec.whatwg.org/multipage/#dom-link-crossorigin
fn SetCrossOrigin(&self, value: Option<DOMString>) {
set_cross_origin_attribute(self.upcast::<Element>(), value);
}
// https://drafts.csswg.org/cssom/#dom-linkstyle-sheet
fn GetSheet(&self) -> Option<Root<DOMStyleSheet>> {
self.get_cssom_stylesheet().map(Root::upcast)

29
components/script/dom/htmlscriptelement.rs
View file

@ -4,7 +4,6 @@
use document_loader::LoadType;
use dom::attr::Attr;
use dom::bindings::codegen::Bindings::AttrBinding::AttrMethods;
use dom::bindings::codegen::Bindings::DocumentBinding::DocumentMethods;
use dom::bindings::codegen::Bindings::HTMLScriptElementBinding;
use dom::bindings::codegen::Bindings::HTMLScriptElementBinding::HTMLScriptElementMethods;
@ -17,6 +16,7 @@ use dom::bindings::reflector::DomObject;
use dom::bindings::str::DOMString;
use dom::document::Document;
use dom::element::{AttributeMutation, Element, ElementCreator};
use dom::element::{cors_setting_for_element, reflect_cross_origin_attribute, set_cross_origin_attribute};
use dom::event::{Event, EventBubbles, EventCancelable};
use dom::eventdispatcher::EventStatus;
use dom::globalscope::GlobalScope;
@ -369,12 +369,7 @@ impl HTMLScriptElement {
.unwrap_or_else(|| doc.encoding());
// Step 14.
let cors_setting = match self.GetCrossOrigin() {
Some(ref s) if *s == "anonymous" => Some(CorsSettings::Anonymous),
Some(ref s) if *s == "use-credentials" => Some(CorsSettings::UseCredentials),
None => None,
_ => unreachable!()
};
let cors_setting = cors_setting_for_element(element);
// TODO: Step 15: Module script credentials mode.
@ -707,28 +702,12 @@ impl HTMLScriptElementMethods for HTMLScriptElement {
// https://html.spec.whatwg.org/multipage/#dom-script-crossorigin
fn GetCrossOrigin(&self) -> Option<DOMString> {
let element = self.upcast::<Element>();
let attr = element.get_attribute(&ns!(), &local_name!("crossorigin"));
if let Some(mut val) = attr.map(|v| v.Value()) {
val.make_ascii_lowercase();
if val == "anonymous" || val == "use-credentials" {
return Some(val);
}
return Some(DOMString::from("anonymous"));
}
None
reflect_cross_origin_attribute(self.upcast::<Element>())
}
// https://html.spec.whatwg.org/multipage/#dom-script-crossorigin
fn SetCrossOrigin(&self, value: Option<DOMString>) {
let element = self.upcast::<Element>();
match value {
Some(val) => element.set_string_attribute(&local_name!("crossorigin"), val),
None => {
element.remove_attribute(&ns!(), &local_name!("crossorigin"));
}
}
set_cross_origin_attribute(self.upcast::<Element>(), value);
}
// https://html.spec.whatwg.org/multipage/#dom-script-text

2
components/script/dom/webidls/HTMLImageElement.webidl
View file

@ -8,7 +8,7 @@ interface HTMLImageElement : HTMLElement {
attribute DOMString alt;
attribute DOMString src;
// attribute DOMString srcset;
attribute DOMString crossOrigin;
attribute DOMString? crossOrigin;
attribute DOMString useMap;
attribute boolean isMap;
attribute unsigned long width;

2
components/script/dom/webidls/HTMLLinkElement.webidl
View file

@ -5,7 +5,7 @@
// https://html.spec.whatwg.org/multipage/#htmllinkelement
interface HTMLLinkElement : HTMLElement {
attribute DOMString href;
// attribute DOMString crossOrigin;
attribute DOMString? crossOrigin;
attribute DOMString rel;
readonly attribute DOMTokenList relList;
attribute DOMString media;

23
components/script/stylesheet_loader.rs
View file

@ -20,7 +20,7 @@ use hyper_serde::Serde;
use ipc_channel::ipc;
use ipc_channel::router::ROUTER;
use net_traits::{FetchResponseListener, FetchMetadata, Metadata, NetworkError, ReferrerPolicy};
use net_traits::request::{CredentialsMode, Destination, RequestInit, Type as RequestType};
use net_traits::request::{CorsSettings, CredentialsMode, Destination, RequestInit, RequestMode, Type as RequestType};
use network_listener::{NetworkListener, PreInvoke};
use parking_lot::RwLock;
use script_layout_interface::message::Msg;
@ -196,7 +196,8 @@ impl<'a> StylesheetLoader<'a> {
}
impl<'a> StylesheetLoader<'a> {
pub fn load(&self, source: StylesheetContextSource, integrity_metadata: String) {
pub fn load(&self, source: StylesheetContextSource, cors_setting: Option<CorsSettings>,
integrity_metadata: String) {
let url = source.url();
let document = document_from_node(self.elem);
let context = Arc::new(Mutex::new(StylesheetContext {
@ -231,8 +232,18 @@ impl<'a> StylesheetLoader<'a> {
url: url.clone(),
type_: RequestType::Style,
destination: Destination::Style,
credentials_mode: CredentialsMode::Include,
use_url_credentials: true,
// https://html.spec.whatwg.org/multipage/#create-a-potential-cors-request
// Step 1
mode: match cors_setting {
Some(_) => RequestMode::CorsMode,
None => RequestMode::NoCors,
},
// https://html.spec.whatwg.org/multipage/#create-a-potential-cors-request
// Step 3-4
credentials_mode: match cors_setting {
Some(CorsSettings::Anonymous) => CredentialsMode::CredentialsSameOrigin,
_ => CredentialsMode::Include,
},
origin: document.url(),
pipeline_id: Some(self.elem.global().pipeline_id()),
referrer_url: Some(document.url()),
@ -247,6 +258,8 @@ impl<'a> StylesheetLoader<'a> {
impl<'a> StyleStylesheetLoader for StylesheetLoader<'a> {
fn request_stylesheet(&self, import: &Arc<RwLock<ImportRule>>) {
self.load(StylesheetContextSource::Import(import.clone()), "".to_owned())
//TODO (mrnayak) : Whether we should use the original loader's CORS setting?
//Fix this when spec has more details.
self.load(StylesheetContextSource::Import(import.clone()), None, "".to_owned())
}
}

6
tests/wpt/metadata/html/dom/interfaces.html.ini
View file

@ -1041,15 +1041,9 @@
[HTMLBaseElement interface: document.createElement("base") must inherit property "target" with the proper type (1)]
expected: FAIL
[HTMLLinkElement interface: attribute crossOrigin]
expected: FAIL
[HTMLLinkElement interface: attribute sizes]
expected: FAIL
[HTMLLinkElement interface: document.createElement("link") must inherit property "crossOrigin" with the proper type (1)]
expected: FAIL
[HTMLLinkElement interface: document.createElement("link") must inherit property "sizes" with the proper type (7)]
expected: FAIL

156
tests/wpt/metadata/html/dom/reflection-metadata.html.ini
View file

@ -2715,12 +2715,6 @@
[link.tabIndex: IDL set to -2147483648 followed by getAttribute()]
expected: FAIL
[link.crossOrigin: typeof IDL attribute]
expected: FAIL
[link.crossOrigin: IDL get with DOM attribute unset]
expected: FAIL
[link.crossOrigin: setAttribute() to "" followed by IDL get]
expected: FAIL
@ -8832,156 +8826,6 @@
[link.tabIndex: IDL set to -2147483648]
expected: FAIL
[link.crossOrigin: setAttribute() to ""]
expected: FAIL
[link.crossOrigin: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
expected: FAIL
[link.crossOrigin: setAttribute() to undefined]
expected: FAIL
[link.crossOrigin: setAttribute() to 7]
expected: FAIL
[link.crossOrigin: setAttribute() to 1.5]
expected: FAIL
[link.crossOrigin: setAttribute() to true]
expected: FAIL
[link.crossOrigin: setAttribute() to false]
expected: FAIL
[link.crossOrigin: setAttribute() to object "[object Object\]"]
expected: FAIL
[link.crossOrigin: setAttribute() to NaN]
expected: FAIL
[link.crossOrigin: setAttribute() to Infinity]
expected: FAIL
[link.crossOrigin: setAttribute() to -Infinity]
expected: FAIL
[link.crossOrigin: setAttribute() to "\\0"]
expected: FAIL
[link.crossOrigin: setAttribute() to null]
expected: FAIL
[link.crossOrigin: setAttribute() to object "test-toString"]
expected: FAIL
[link.crossOrigin: setAttribute() to object "test-valueOf"]
expected: FAIL
[link.crossOrigin: setAttribute() to "anonymous"]
expected: FAIL
[link.crossOrigin: setAttribute() to "xanonymous"]
expected: FAIL
[link.crossOrigin: setAttribute() to "anonymous\\0"]
expected: FAIL
[link.crossOrigin: setAttribute() to "nonymous"]
expected: FAIL
[link.crossOrigin: setAttribute() to "ANONYMOUS"]
expected: FAIL
[link.crossOrigin: setAttribute() to "use-credentials"]
expected: FAIL
[link.crossOrigin: setAttribute() to "xuse-credentials"]
expected: FAIL
[link.crossOrigin: setAttribute() to "use-credentials\\0"]
expected: FAIL
[link.crossOrigin: setAttribute() to "se-credentials"]
expected: FAIL
[link.crossOrigin: setAttribute() to "USE-CREDENTIALS"]
expected: FAIL
[link.crossOrigin: IDL set to ""]
expected: FAIL
[link.crossOrigin: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
expected: FAIL
[link.crossOrigin: IDL set to undefined]
expected: FAIL
[link.crossOrigin: IDL set to 7]
expected: FAIL
[link.crossOrigin: IDL set to 1.5]
expected: FAIL
[link.crossOrigin: IDL set to true]
expected: FAIL
[link.crossOrigin: IDL set to false]
expected: FAIL
[link.crossOrigin: IDL set to object "[object Object\]"]
expected: FAIL
[link.crossOrigin: IDL set to NaN]
expected: FAIL
[link.crossOrigin: IDL set to Infinity]
expected: FAIL
[link.crossOrigin: IDL set to -Infinity]
expected: FAIL
[link.crossOrigin: IDL set to "\\0"]
expected: FAIL
[link.crossOrigin: IDL set to null]
expected: FAIL
[link.crossOrigin: IDL set to object "test-toString"]
expected: FAIL
[link.crossOrigin: IDL set to object "test-valueOf"]
expected: FAIL
[link.crossOrigin: IDL set to "anonymous"]
expected: FAIL
[link.crossOrigin: IDL set to "xanonymous"]
expected: FAIL
[link.crossOrigin: IDL set to "anonymous\\0"]
expected: FAIL
[link.crossOrigin: IDL set to "nonymous"]
expected: FAIL
[link.crossOrigin: IDL set to "ANONYMOUS"]
expected: FAIL
[link.crossOrigin: IDL set to "use-credentials"]
expected: FAIL
[link.crossOrigin: IDL set to "xuse-credentials"]
expected: FAIL
[link.crossOrigin: IDL set to "use-credentials\\0"]
expected: FAIL
[link.crossOrigin: IDL set to "se-credentials"]
expected: FAIL
[link.crossOrigin: IDL set to "USE-CREDENTIALS"]
expected: FAIL
[meta.dir: setAttribute() to ""]
expected: FAIL

6
tests/wpt/metadata/subresource-integrity/subresource-integrity.sub.html.ini
View file

@ -1,8 +1,7 @@
[subresource-integrity.sub.html]
type: testharness
expected: OK
[Style: <crossorigin='anonymous'> with correct hash, ACAO: *]
expected: FAIL
[Style: Same-origin with correct sha256 and sha512 hash, rel='alternate stylesheet' enabled]
expected: FAIL
@ -13,9 +12,6 @@
[Style: Same-origin with sha256 match, sha512 mismatch]
expected: FAIL
[Style: <crossorigin='use-credentials'> with correct hash, CORS-eligible]
expected: FAIL
[Style: <crossorigin='anonymous'> with CORS-ineligible resource]
expected: FAIL