Closed
Bug 1459078
Opened 7 years ago
Closed 7 years ago
[wpt-sync] Sync PR 10833 - Handle some html/js polyglots in CORB confirmation sniffing.
Categories
(Core :: DOM: Core & HTML, enhancement, P4)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla62
Tracking | Status | |
---|---|---|
firefox62 | --- | fixed |
People
(Reporter: wpt-sync, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 10833 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/w3c/web-platform-tests/pull/10833
Details from upstream follow.
Lukasz Anforowicz <lukasza@chromium.org> wrote:
> Handle some html/js polyglots in CORB confirmation sniffing.
>
> Cross-Origin Read Blocking (CORB) tries to protect certain resource
> types (e.g. text/html). To be resilient against HTTP responses
> mislabeled with an incorrect Content-Type, CORB sniffs the response body
> to confirm if it truly is the protected type.
>
> Before this CL the confirmation sniffing logic decided to block
> resources that are both a valid html and a valid javascript.
> Blocking of such resources is undesirable, because it is disruptive to
> existing websites that use such polyglot responses in <script> tags.
>
> After this CL, a HTML comment that contains a Javascript comment will
> cause the confirmation sniffing to decide that the response is not
> really a HTML document (this will prevent CORB blocking).
>
> Bug: 839425
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo
> Change-Id: Ie790a81c2742513aed9fda45edd0bb2976bd0fc6
> Reviewed-on: https://chromium-review.googlesource.com/1042820
> WPT-Export-Revision: e11a22212343caab843693309ef554bd46400903
Reporter | ||
Updated•7 years ago
|
Component: web-platform-tests → DOM
Product: Testing → Core
Reporter | ||
Comment 1•7 years ago
|
||
Reporter | ||
Comment 2•7 years ago
|
||
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=31dd22329fc81eca4110645ef1811f64ebff4254
Reporter | ||
Comment 3•7 years ago
|
||
Reporter | ||
Comment 4•7 years ago
|
||
Ran 1 tests and 1 subtests
OK : 1
PASS : 1
Reporter | ||
Comment 5•7 years ago
|
||
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=413237281b887dab3fcb7838c388bb37f6fdb335
Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/21d78161c10a
[wpt PR 10833] - Handle some html/js polyglots in CORB confirmation sniffing., a=testonly
Comment 7•7 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox62:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla62
Assignee | ||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•