From 2a03de66caa66854a74e3e2fd006abbbff93ffb5 Mon Sep 17 00:00:00 2001
From: jww <jww@chromium.org>
Date: Fri, 8 Jan 2016 10:20:29 -0800
Subject: [PATCH] Clear integrity failure bit in PendingScript on release

This fixes a bug where a script loaded after a previous script failed
due to an integrity failure would also fail to load. This is because the
PendingScript object was reused for the new script resource, and we
failed to clear out the m_integrityFailure bit. This simply sets that to
false when the old script resource is released.

BUG=570340

Review URL: https://codereview.chromium.org/1569823004

Cr-Commit-Position: refs/heads/master@{#368379}
---
 ...regular-script-after-failed-integrity.html | 32 +++++++++++++++++++
 .../WebKit/Source/core/dom/PendingScript.cpp  |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 third_party/WebKit/LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-load-regular-script-after-failed-integrity.html

diff --git a/third_party/WebKit/LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-load-regular-script-after-failed-integrity.html b/third_party/WebKit/LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-load-regular-script-after-failed-integrity.html
new file mode 100644
index 0000000000000..1e3584b8f6872
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-load-regular-script-after-failed-integrity.html
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <!-- Regression test for https://crbug.com/570340 -->
+        <title>Script loaded after failed integrity check should still load</title>
+    </head>
+    <body>
+        <script src="/resources/testharness.js"></script>
+        <script src="/resources/testharnessreport.js"></script>
+        <script>
+            var should_fail_test = async_test('should fail');
+            var should_succeed_test = async_test('should succeed');
+
+            function should_fail(loaded) {
+                should_fail_test.step(function() {
+                    if (loaded)
+                        assert_unreached();
+                    else
+                        this.done();
+                });
+            }
+
+            function success() {
+                should_succeed_test.step(function() {
+                    this.done();
+                });
+            }
+        </script>
+        <script onerror="should_fail(false);" onload="should_fail(true);" src="resources/simple-result.js" integrity="sha256-deadbeef"></script>
+        <script onerror="assert_unreached();" src="call-success.js"></script>
+    </body>
+</html>
diff --git a/third_party/WebKit/Source/core/dom/PendingScript.cpp b/third_party/WebKit/Source/core/dom/PendingScript.cpp
index 2a688e29d5377..ba3e8a5bbcfd2 100644
--- a/third_party/WebKit/Source/core/dom/PendingScript.cpp
+++ b/third_party/WebKit/Source/core/dom/PendingScript.cpp
@@ -117,6 +117,7 @@ PassRefPtrWillBeRawPtr<Element> PendingScript::releaseElementAndClear()
     setScriptResource(0);
     m_watchingForLoad = false;
     m_startingPosition = TextPosition::belowRangePosition();
+    m_integrityFailure = false;
     if (m_streamer)
         m_streamer->cancel();
     m_streamer.release();