Closed Bug 1459078 Opened 7 years ago Closed 7 years ago

[wpt-sync] Sync PR 10833 - Handle some html/js polyglots in CORB confirmation sniffing.

Categories

(Core :: DOM: Core & HTML, enhancement, P4)

enhancement

Tracking

()

RESOLVED FIXED
mozilla62
Tracking Status
firefox62 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

()

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 10833 into mozilla-central (this bug is closed when the sync is complete). PR: https://github.com/w3c/web-platform-tests/pull/10833 Details from upstream follow. Lukasz Anforowicz <lukasza@chromium.org> wrote: > Handle some html/js polyglots in CORB confirmation sniffing. > > Cross-Origin Read Blocking (CORB) tries to protect certain resource > types (e.g. text/html). To be resilient against HTTP responses > mislabeled with an incorrect Content-Type, CORB sniffs the response body > to confirm if it truly is the protected type. > > Before this CL the confirmation sniffing logic decided to block > resources that are both a valid html and a valid javascript. > Blocking of such resources is undesirable, because it is disruptive to > existing websites that use such polyglot responses in <script> tags. > > After this CL, a HTML comment that contains a Javascript comment will > cause the confirmation sniffing to decide that the response is not > really a HTML document (this will prevent CORB blocking). > > Bug: 839425 > Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo > Change-Id: Ie790a81c2742513aed9fda45edd0bb2976bd0fc6 > Reviewed-on: https://chromium-review.googlesource.com/1042820 > WPT-Export-Revision: e11a22212343caab843693309ef554bd46400903
Component: web-platform-tests → DOM
Product: Testing → Core
Ran 1 tests and 1 subtests OK : 1 PASS : 1
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/21d78161c10a [wpt PR 10833] - Handle some html/js polyglots in CORB confirmation sniffing., a=testonly
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla62
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.