Disable image lazy loading when scripting is disabled

This CL disables image lazy loading for images in frames in which scripting is disabled. The HTML Standard mandates that image lazy loading be disabled in these cases, as a privacy-protection measure. See [1]. [1]: https://html.spec.whatwg.org/multipage/images.html#will-lazy-load-image-steps R=kinuko@chromium.org, sclittle@chromium.org Bug: 1005881 Change-Id: Ib675b46ee1d9bb10119172893547cb80b0308ab1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2127415 Commit-Queue: Dominic Farolino <dom@chromium.org> Reviewed-by: Scott Little <sclittle@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#754960}

Disable image lazy loading when scripting is disabled
This CL disables image lazy loading for images in frames in which scripting is disabled. The HTML Standard mandates that image lazy loading be disabled in these cases, as a privacy-protection measure. See [1]. [1]: https://html.spec.whatwg.org/multipage/images.html#will-lazy-load-image-steps R=kinuko@chromium.org, sclittle@chromium.org Bug: 1005881 Change-Id: Ib675b46ee1d9bb10119172893547cb80b0308ab1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2127415 Commit-Queue: Dominic Farolino <dom@chromium.org> Reviewed-by: Scott Little <sclittle@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#754960}
fd8ec60a · Dominic Farolino · Commit Bot · bf4190f4 · fd8ec60a · bf4190f4
Commit fd8ec60a authored Mar 31, 2020 by Dominic Farolino Committed by Commit Bot Mar 31, 2020
2 changed files
--- a/third_party/blink/renderer/core/loader/lazy_image_helper.cc
+++ b/third_party/blink/renderer/core/loader/lazy_image_helper.cc
@@ -6,6 +6,7 @@

 #include "third_party/blink/renderer/core/dom/document.h"
 #include "third_party/blink/renderer/core/dom/element.h"
+#include "third_party/blink/renderer/core/execution_context/execution_context.h"
 #include "third_party/blink/renderer/core/frame/frame_owner.h"
 #include "third_party/blink/renderer/core/frame/local_frame.h"
 #include "third_party/blink/renderer/core/frame/web_feature.h"
@@ -110,6 +111,11 @@ LazyImageHelper::DetermineEligibilityAndTrackVisibilityMetrics(
  if (!url.ProtocolIsInHTTPFamily())
    return LazyImageHelper::Eligibility::kDisabled;

+  // Do not lazyload image elements when JavaScript is disabled, regardless of
+  // the `loading` attribute.
+  if (!frame.GetDocument()->CanExecuteScripts(kNotAboutToExecuteScript))
+    return LazyImageHelper::Eligibility::kDisabled;
+
  const auto lazy_load_image_setting = frame.GetLazyLoadImageSetting();
  LoadingAttrValue loading_attr = GetLoadingAttrValue(*html_image);
  bool is_fully_loadable =

--- a/third_party/blink/web_tests/external/wpt/html/semantics/embedded-content/the-img-element/image-loading-lazy-in-script-disabled-iframe-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/html/semantics/embedded-content/the-img-element/image-loading-lazy-in-script-disabled-iframe-expected.txt
-This is a testharness.js-based test.
-FAIL Images with loading='lazy' in script disabled iframe are not handled
-       as 'lazy' assert_true: lazy-load image shouldn't be honored in script disabled iframe expected true got false
-Harness: the test ran to completion.
-