diff options
| author | Vincent Ricard <ghostd@users.noreply.github.com> | 2025-05-19 13:38:01 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-05-19 11:38:01 +0000 |
| commit | 6e97fc0bc47b6c3c5af9b1750f01f268b6b200f5 (patch) | |
| tree | 66ed4fced2f39f7cebda142057c516c821226309 /components/net/fetch/methods.rs | |
| parent | d8837e4a52583bfa5e519017026c3e5b58451ac5 (diff) | |
| download | servo-6e97fc0bc47b6c3c5af9b1750f01f268b6b200f5.tar.gz servo-6e97fc0bc47b6c3c5af9b1750f01f268b6b200f5.zip | |
Use spec compliant content-type extraction in more places and enable a `<stylesheet>` quirk (#28321)
This changes includes two semi-related things:
1. Fixes some specification compliance issues when parsing mime
types and charsets for `XMLHttpRequest`.
2. Implements a `<stylesheet>` parsing quirk involving mime types.
Testing: There are tests for these changes.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
Diffstat (limited to 'components/net/fetch/methods.rs')
| -rw-r--r-- | components/net/fetch/methods.rs | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/components/net/fetch/methods.rs b/components/net/fetch/methods.rs index 65c173fce3b..33d0da952fb 100644 --- a/components/net/fetch/methods.rs +++ b/components/net/fetch/methods.rs @@ -18,6 +18,7 @@ use http::{HeaderValue, Method, StatusCode}; use ipc_channel::ipc; use log::{debug, trace, warn}; use mime::{self, Mime}; +use net_traits::fetch::headers::extract_mime_type_as_mime; use net_traits::filemanager_thread::{FileTokenCheck, RelativePos}; use net_traits::http_status::HttpStatus; use net_traits::policy_container::{PolicyContainer, RequestPolicyContainer}; @@ -886,7 +887,7 @@ pub fn should_be_blocked_due_to_nosniff( // Step 2 // Note: an invalid MIME type will produce a `None`. - let content_type_header = response_headers.typed_get::<ContentType>(); + let mime_type = extract_mime_type_as_mime(response_headers); /// <https://html.spec.whatwg.org/multipage/#scriptingLanguages> #[inline] @@ -915,16 +916,12 @@ pub fn should_be_blocked_due_to_nosniff( .any(|mime| mime.type_() == mime_type.type_() && mime.subtype() == mime_type.subtype()) } - match content_type_header { + match mime_type { // Step 4 - Some(ref ct) if destination.is_script_like() => { - !is_javascript_mime_type(&ct.clone().into()) - }, - + Some(ref mime_type) if destination.is_script_like() => !is_javascript_mime_type(mime_type), // Step 5 - Some(ref ct) if destination == Destination::Style => { - let m: mime::Mime = ct.clone().into(); - m.type_() != mime::TEXT && m.subtype() != mime::CSS + Some(ref mime_type) if destination == Destination::Style => { + mime_type.type_() != mime::TEXT && mime_type.subtype() != mime::CSS }, None if destination == Destination::Style || destination.is_script_like() => true, @@ -938,18 +935,22 @@ fn should_be_blocked_due_to_mime_type( destination: Destination, response_headers: &HeaderMap, ) -> bool { - // Step 1 - let mime_type: mime::Mime = match response_headers.typed_get::<ContentType>() { - Some(header) => header.into(), + // Step 1: Let mimeType be the result of extracting a MIME type from response’s header list. + let mime_type: mime::Mime = match extract_mime_type_as_mime(response_headers) { + Some(mime_type) => mime_type, + // Step 2: If mimeType is failure, then return allowed. None => return false, }; - // Step 2-3 + // Step 3: Let destination be request’s destination. + // Step 4: If destination is script-like and one of the following is true, then return blocked: + // - mimeType’s essence starts with "audio/", "image/", or "video/". + // - mimeType’s essence is "text/csv". + // Step 5: Return allowed. destination.is_script_like() && match mime_type.type_() { mime::AUDIO | mime::VIDEO | mime::IMAGE => true, mime::TEXT if mime_type.subtype() == mime::CSV => true, - // Step 4 _ => false, } } |