The Vulnerability History Project

Warning: Our website does not support Internet Explorer, please use Edge instead.

Add counters for various ways of loading scripts with bad mimetypes

      Unchecked use of proxies could enable cross-origin reading of some CSV
files which contain sensitive non-numerical information. Tightening
down mimetype checking could provide a mitigating strategy. This patch
adds UseCounters to see how often scripts are used with different
mimetypes to determine what could be prohibited.

BUG=chromium:399951
R=adamk

Review URL: https://codereview.chromium.org/1413193010

Cr-Commit-Position: refs/heads/master@{#364013}

by Sue the Impala 2015-12-09 08:54:57 UTC

commit 6f9d55e0e902b20bcb8a38be6721f498a2a973ab

Chromium Fix CVE-2014-7939

third_party/WebKit/LayoutTests/http/tests/mime/javascript-mimetype-usecounters-expected.txt

-17

third_party/WebKit/LayoutTests/http/tests/mime/javascript-mimetype-usecounters.html

-93

third_party/WebKit/LayoutTests/http/tests/mime/resources/javascript-mimetype.php

-5

third_party/WebKit/Source/core/dom/ScriptLoader.cpp

+9 -27

third_party/WebKit/Source/core/dom/ScriptLoader.h

+1 -2

third_party/WebKit/Source/core/frame/UseCounter.h

-6