commit 65f479e282054783fba9a44be7f9222bbbab8494
parent 8bbc0555146c22a734be9b56040b77a671e07338
Author: Tooru Fujisawa <arai_a@mac.com>
Date: Wed, 5 Nov 2025 04:09:46 +0000
Bug 1853173 - Part 3: Skip unnecessary SRI verification for invalid integrity attribute. r=nbp
Differential Revision: https://phabricator.services.mozilla.com/D271024
Diffstat:
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/dom/script/ScriptLoadHandler.cpp b/dom/script/ScriptLoadHandler.cpp
@@ -295,8 +295,8 @@ bool ScriptLoadHandler::TrySetDecoder(nsIIncrementalStreamLoader* aLoader,
nsresult ScriptLoadHandler::MaybeDecodeSRI(uint32_t* sriLength) {
*sriLength = 0;
- if (!mSRIDataVerifier || mSRIDataVerifier->IsComplete() ||
- NS_FAILED(mSRIStatus)) {
+ if (!mSRIDataVerifier || mSRIDataVerifier->IsInvalid() ||
+ mSRIDataVerifier->IsComplete() || NS_FAILED(mSRIStatus)) {
return NS_OK;
}
diff --git a/dom/security/SRICheck.h b/dom/security/SRICheck.h
@@ -67,6 +67,7 @@ class SRICheckDataVerifier final {
nsIConsoleReportCollector* aReporter);
bool IsComplete() const { return mComplete; }
+ bool IsInvalid() const { return mInvalidMetadata; }
// Report the length of the computed hash and its type, such that we can
// reserve the space for encoding it in a vector.
