diff --git a/dom/script/ScriptLoadHandler.cpp b/dom/script/ScriptLoadHandler.cpp
index 051648c04da8..5ea583a30230 100644
--- a/dom/script/ScriptLoadHandler.cpp
+++ b/dom/script/ScriptLoadHandler.cpp
@@ -312,7 +312,12 @@ nsresult ScriptLoadHandler::EnsureKnownDataType(
TRACE_FOR_TEST(mRequest->Element(), "scriptloader_load_source");
return NS_OK;
}
- return NS_ERROR_FAILURE;
+
+ // If the request isn't allowed to accept BinAST, fallback to text
+ // source. The possibly binary source will be passed to normal
+ // JS parser and will throw error there.
+ mRequest->SetTextSource();
+ return NS_OK;
}
}
}
diff --git a/dom/script/ScriptLoadRequest.cpp b/dom/script/ScriptLoadRequest.cpp
index 36dd2d9f1012..814d2776b567 100644
--- a/dom/script/ScriptLoadRequest.cpp
+++ b/dom/script/ScriptLoadRequest.cpp
@@ -9,6 +9,7 @@
#include "mozilla/HoldDropJSObjects.h"
#include "mozilla/Unused.h"
+#include "nsContentUtils.h"
#include "nsICacheInfoChannel.h"
#include "ScriptLoadRequest.h"
#include "ScriptSettings.h"
@@ -195,7 +196,18 @@ bool ScriptLoadRequest::ShouldAcceptBinASTEncoding() const {
MOZ_ASSERT(NS_SUCCEEDED(rv));
Unused << rv;
- return isHTTPS;
+ if (!isHTTPS) {
+ return false;
+ }
+
+ if (StaticPrefs::dom_script_loader_binast_encoding_domain_restrict()) {
+ if (!nsContentUtils::IsURIInPrefList(
+ mURI, "dom.script_loader.binast_encoding.domain.restrict.list")) {
+ return false;
+ }
+ }
+
+ return true;
#else
MOZ_CRASH("BinAST not supported");
#endif
diff --git a/modules/libpref/init/StaticPrefList.h b/modules/libpref/init/StaticPrefList.h
index 93292cae551c..cbf47ba1fd26 100644
--- a/modules/libpref/init/StaticPrefList.h
+++ b/modules/libpref/init/StaticPrefList.h
@@ -419,6 +419,12 @@ VARCACHE_PREF(
dom_script_loader_binast_encoding_enabled,
RelaxedAtomicBool, false
)
+
+VARCACHE_PREF(
+ "dom.script_loader.binast_encoding.domain.restrict",
+ dom_script_loader_binast_encoding_domain_restrict,
+ bool, true
+)
#endif
// IMPORTANT: Keep this in condition in sync with all.js. The value
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index 45ab414b28d2..0daed929a730 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -264,6 +264,7 @@ pref("dom.script_loader.bytecode_cache.strategy", 0);
#ifdef JS_BUILD_BINAST
pref("dom.script_loader.binast_encoding.enabled", false);
+pref("dom.script_loader.binast_encoding.domain.restrict.list", "*.facebook.com,static.xx.fbcdn.net");
#endif
// Whether window.event is enabled
diff --git a/testing/web-platform/mozilla/meta/binast/domain-restrict-excluded.https.html.ini b/testing/web-platform/mozilla/meta/binast/domain-restrict-excluded.https.html.ini
new file mode 100644
index 000000000000..55417dd59454
--- /dev/null
+++ b/testing/web-platform/mozilla/meta/binast/domain-restrict-excluded.https.html.ini
@@ -0,0 +1,3 @@
+[domain-restrict-excluded.https.html]
+ prefs: [dom.script_loader.binast_encoding.domain.restrict:true,
+ dom.script_loader.binast_encoding.domain.restrict.list:]
diff --git a/testing/web-platform/mozilla/meta/binast/domain-restrict-included.https.html.ini b/testing/web-platform/mozilla/meta/binast/domain-restrict-included.https.html.ini
new file mode 100644
index 000000000000..1545dfe1a311
--- /dev/null
+++ b/testing/web-platform/mozilla/meta/binast/domain-restrict-included.https.html.ini
@@ -0,0 +1,7 @@
+[domain-restrict-included.https.html]
+ prefs: [dom.script_loader.binast_encoding.domain.restrict:true,
+ dom.script_loader.binast_encoding.domain.restrict.list:web-platform.test]
+ [Check we can load BinAST if the host is included in the list]
+ expected:
+ if release_or_beta or (os == "android") or ((os == "win") and (processor == "x86")): FAIL
+
diff --git a/testing/web-platform/mozilla/meta/binast/large.https.html.ini b/testing/web-platform/mozilla/meta/binast/large.https.html.ini
index 09b41aa4e582..91e737c7a3c1 100644
--- a/testing/web-platform/mozilla/meta/binast/large.https.html.ini
+++ b/testing/web-platform/mozilla/meta/binast/large.https.html.ini
@@ -1,4 +1,5 @@
[large.https.html]
+ prefs: [dom.script_loader.binast_encoding.domain.restrict:false]
[Check we can load BinAST over HTTPS]
expected:
if release_or_beta or (os == "android") or ((os == "win") and (processor == "x86")): FAIL
diff --git a/testing/web-platform/mozilla/meta/binast/not-secure.html.ini b/testing/web-platform/mozilla/meta/binast/not-secure.html.ini
new file mode 100644
index 000000000000..de66d2623255
--- /dev/null
+++ b/testing/web-platform/mozilla/meta/binast/not-secure.html.ini
@@ -0,0 +1,2 @@
+[not-secure.html]
+ prefs: [dom.script_loader.binast_encoding.domain.restrict:false]
diff --git a/testing/web-platform/mozilla/meta/binast/small.https.html.ini b/testing/web-platform/mozilla/meta/binast/small.https.html.ini
index d6d6a8b023a4..87c46000a426 100644
--- a/testing/web-platform/mozilla/meta/binast/small.https.html.ini
+++ b/testing/web-platform/mozilla/meta/binast/small.https.html.ini
@@ -1,4 +1,5 @@
[small.https.html]
+ prefs: [dom.script_loader.binast_encoding.domain.restrict:false]
[Check we can load BinAST over HTTPS]
expected:
if release_or_beta or (os == "android") or ((os == "win") and (processor == "x86")): FAIL
diff --git a/testing/web-platform/mozilla/tests/binast/domain-restrict-excluded.https.html b/testing/web-platform/mozilla/tests/binast/domain-restrict-excluded.https.html
new file mode 100644
index 000000000000..c6ef70528c44
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/binast/domain-restrict-excluded.https.html
@@ -0,0 +1,38 @@
+
+Check we can't load BinAST if the host is excluded in the list
+
+
+
+
+
diff --git a/testing/web-platform/mozilla/tests/binast/domain-restrict-included.https.html b/testing/web-platform/mozilla/tests/binast/domain-restrict-included.https.html
new file mode 100644
index 000000000000..c1c952b8bb86
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/binast/domain-restrict-included.https.html
@@ -0,0 +1,31 @@
+
+Check we can load BinAST if the host is included in the list
+
+
+
+
+
diff --git a/testing/web-platform/mozilla/tests/binast/not-secure.html b/testing/web-platform/mozilla/tests/binast/not-secure.html
new file mode 100644
index 000000000000..771dd76ae3b2
--- /dev/null
+++ b/testing/web-platform/mozilla/tests/binast/not-secure.html
@@ -0,0 +1,38 @@
+
+Check we can't load BinAST over HTTP
+
+
+
+
+
diff --git a/testing/web-platform/mozilla/tests/binast/serve.py b/testing/web-platform/mozilla/tests/binast/serve.py
index 7f86cf01f29a..b8c790f6e78f 100644
--- a/testing/web-platform/mozilla/tests/binast/serve.py
+++ b/testing/web-platform/mozilla/tests/binast/serve.py
@@ -17,18 +17,36 @@ def clientAcceptsBinAST(request):
encodings = [s.strip().lower() for s in request.headers["accept"].split(",")]
return BinASTMimeType in encodings
+def get_mine_type_and_extension(request, params):
+ accept_binast = clientAcceptsBinAST(request)
+
+ if 'expect_accept' in params:
+ expect_accept = params['expect_accept'][0]
+ if expect_accept == 'false':
+ if accept_binast:
+ raise Exception("Expect not accept binast")
+ elif expect_accept == 'true':
+ if not accept_binast:
+ raise Exception("Expect accept binast")
+ else:
+ raise Exception("Bad check_header parameter: " + check_header)
+
+ if 'force_binast' in params and params['force_binast'][0] == 'true':
+ return BinASTMimeType, BinASTExtension
+
+ if accept_binast:
+ return BinASTMimeType, BinASTExtension
+
+ return JavaScriptMimeType, SourceTextExtension
+
+
def main(request, response):
params = urlparse.parse_qs(request.url_parts[3])
name = params['name'][0]
if not re.match(r'\w+$', name):
raise Exception("Bad name parameter: " + name)
- if clientAcceptsBinAST(request):
- mimeType = BinASTMimeType
- extension = BinASTExtension
- else:
- mimeType = JavaScriptMimeType
- extension = SourceTextExtension
+ mimeType, extension = get_mine_type_and_extension(request, params)
scriptDir = os.path.dirname(__file__)
contentPath = os.path.join(scriptDir, name + extension)