Ladybird/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-06-08 05:27:14 +09:00
Code Activity
ladybird/Libraries/LibWeb/Fetch/Infrastructure/NoSniffBlocking.cpp
Shannon Booth 579730d861 LibWeb: Prefer using equals_ignoring_ascii_case 
Which has an optmization if both size of the string being passed
through are FlyStrings, which actually ends up being the case
in some places during selector matching comparing attribute names.
Instead of maintaining more overloads of
Infra::is_ascii_case_insensitive_match, switch
everything over to equals_ignoring_ascii_case instead.
2025-05-21 13:45:02 +01:00

58 lines
2.3 KiB
C++
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/*
* Copyright (c) 2022-2023, Linus Groh <linusg@serenityos.org>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <LibWeb/Fetch/Infrastructure/HTTP/Headers.h>
#include <LibWeb/Fetch/Infrastructure/HTTP/Requests.h>
#include <LibWeb/Fetch/Infrastructure/HTTP/Responses.h>
#include <LibWeb/Fetch/Infrastructure/NoSniffBlocking.h>
#include <LibWeb/Infra/Strings.h>
namespace Web::Fetch::Infrastructure {
// https://fetch.spec.whatwg.org/#determine-nosniff
bool determine_nosniff(HeaderList const& list)
{
// 1. Let values be the result of getting, decoding, and splitting `X-Content-Type-Options` from list.
auto values = list.get_decode_and_split("X-Content-Type-Options"sv.bytes());
// 2. If values is null, then return false.
if (!values.has_value())
return false;
// 3. If values[0] is an ASCII case-insensitive match for "nosniff", then return true.
if (!values->is_empty() && values->at(0).equals_ignoring_ascii_case("nosniff"sv))
return true;
// 4. Return false.
return false;
}
// https://fetch.spec.whatwg.org/#should-response-to-request-be-blocked-due-to-nosniff?
RequestOrResponseBlocking should_response_to_request_be_blocked_due_to_nosniff(Response const& response, Request const& request)
{
// 1. If determine nosniff with responses header list is false, then return allowed.
if (!determine_nosniff(response.header_list()))
return RequestOrResponseBlocking::Allowed;
// 2. Let mimeType be the result of extracting a MIME type from responses header list.
auto mime_type = response.header_list()->extract_mime_type();
// 3. Let destination be requests destination.
auto const& destination = request.destination();
// 4. If destination is script-like and mimeType is failure or is not a JavaScript MIME type, then return blocked.
if (request.destination_is_script_like() && (!mime_type.has_value() || !mime_type->is_javascript()))
return RequestOrResponseBlocking::Blocked;
// 5. If destination is "style" and mimeType is failure or its essence is not "text/css", then return blocked.
if (destination == Request::Destination::Style && (!mime_type.has_value() || mime_type->essence() != "text/css"sv))
return RequestOrResponseBlocking::Blocked;
// 6. Return allowed.
return RequestOrResponseBlocking::Allowed;
}
}
View git blame Copy permalink