The Vulnerability History Project

Stop sniffing 'image/*' into script.

      If a resource is served with an image MIME type, we should not sniff it
into script when loaded via <script>. See [1] and [2] for examples of
the badness this can cause.

[1]: http://iamajin.blogspot.in/2014/11/when-gifs-serve-javascript.html
[2]: http://jklmnn.de/imagejs/

I hope this change is web-compatible, but adding a UseCounter just to
make sure we can keep an eye on things as it rolls out through Beta
and Stable.

------------------------------------------------------------------------
This is a re-land of https://crrev.com/755993003, which was reverted due
to differences between Android and everything else with regard to layout
test setup. In short, Android sent mime type headers, while other of our
platforms didn't. This patch rewrite the effected test.
------------------------------------------------------------------------

BUG=433049

Review URL: https://codereview.chromium.org/856483002

git-svn-id: svn://svn.chromium.org/blink/trunk@188472 bbb929c8-8fbe-4397-9dbb-9b2b20218538

by Wallace the Slow Worm 2015-01-15 15:13:31 UTC

commit 68588b94a477621f608620ef8d36459c81e00e11

Chromium

third_party/WebKit/LayoutTests/FlakyTests

+1

third_party/WebKit/LayoutTests/http/tests/mime/reload-subresource-when-type-changes-expected.txt

-8

third_party/WebKit/LayoutTests/http/tests/mime/reload-subresource-when-type-changes.html

-49

third_party/WebKit/LayoutTests/http/tests/mime/resources/reload-subresource-when-type-changes.js

-1

third_party/WebKit/LayoutTests/http/tests/security/contentTypeOptions/block-image-as-script.html