mirror of
https://github.com/servo/servo.git
synced 2025-08-03 04:30:10 +01:00
Ignore mime type parameters in nosniff
This patch implements the following changes: - Only check for the toplevel/sublevel part of the mime type when deciding if it's a js or css resource, ignoring the mime parameters. - Fix the wpt tests that did not escape url parameters properly and also used an invalid syntax for the mime parameter. - Update the wpt manifest.
This commit is contained in:
parent
34d0e59849
commit
990b85049e
6 changed files with 72 additions and 34 deletions
|
@ -559,10 +559,10 @@ pub fn should_be_blocked_due_to_nosniff(request_type: Type, response_headers: &H
|
|||
mime!(Text / ("x-javascript")),
|
||||
];
|
||||
|
||||
javascript_mime_types.contains(mime_type)
|
||||
javascript_mime_types.iter()
|
||||
.any(|mime| mime.0 == mime_type.0 && mime.1 == mime_type.1)
|
||||
}
|
||||
|
||||
let text_css: Mime = mime!(Text / Css);
|
||||
// Assumes str::starts_with is equivalent to mime::TopLevel
|
||||
return match request_type {
|
||||
// Step 6
|
||||
|
@ -575,8 +575,8 @@ pub fn should_be_blocked_due_to_nosniff(request_type: Type, response_headers: &H
|
|||
// Step 7
|
||||
Type::Style => {
|
||||
match content_type_header {
|
||||
Some(&ContentType(ref mime_type)) => mime_type != &text_css,
|
||||
None => true
|
||||
Some(&ContentType(Mime(TopLevel::Text, SubLevel::Css, _))) => false,
|
||||
_ => true
|
||||
}
|
||||
}
|
||||
// Step 8
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue