| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "config.h" | 5 #include "config.h" |
| 6 #include "core/frame/SubresourceIntegrity.h" | 6 #include "core/frame/SubresourceIntegrity.h" |
| 7 | 7 |
| 8 #include "core/HTMLNames.h" | 8 #include "core/HTMLNames.h" |
| 9 #include "core/dom/Document.h" | 9 #include "core/dom/Document.h" |
| 10 #include "core/dom/Element.h" | 10 #include "core/dom/Element.h" |
| (...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 107 { | 107 { |
| 108 if (!RuntimeEnabledFeatures::subresourceIntegrityEnabled()) | 108 if (!RuntimeEnabledFeatures::subresourceIntegrityEnabled()) |
| 109 return true; | 109 return true; |
| 110 | 110 |
| 111 Document& document = element.document(); | 111 Document& document = element.document(); |
| 112 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr); | 112 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr); |
| 113 if (attribute.isEmpty()) | 113 if (attribute.isEmpty()) |
| 114 return true; | 114 return true; |
| 115 | 115 |
| 116 if (!resource.isEligibleForIntegrityCheck(document.securityOrigin())) { | 116 if (!resource.isEligibleForIntegrityCheck(document.securityOrigin())) { |
| 117 UseCounter::count(document, UseCounter::SRIElementIntegrityAttributeButI
neligible); |
| 117 logErrorToConsole("Subresource Integrity: The resource '" + resourceUrl.
elidedString() + "' has an integrity attribute, but the resource requires the re
quest to be CORS enabled to check the integrity, and it is not. The resource has
not been blocked, but no integrity check occurred.", document); | 118 logErrorToConsole("Subresource Integrity: The resource '" + resourceUrl.
elidedString() + "' has an integrity attribute, but the resource requires the re
quest to be CORS enabled to check the integrity, and it is not. The resource has
not been blocked, but no integrity check occurred.", document); |
| 118 return true; | 119 return true; |
| 119 } | 120 } |
| 120 | 121 |
| 121 WTF::Vector<IntegrityMetadata> metadataList; | 122 WTF::Vector<IntegrityMetadata> metadataList; |
| 122 IntegrityParseResult integrityParseResult = parseIntegrityAttribute(attribut
e, metadataList, document); | 123 IntegrityParseResult integrityParseResult = parseIntegrityAttribute(attribut
e, metadataList, document); |
| 123 // On failed parsing, there's no need to log an error here, as | 124 // On failed parsing, there's no need to log an error here, as |
| 124 // parseIntegrityAttribute() will output an appropriate console message. | 125 // parseIntegrityAttribute() will output an appropriate console message. |
| 125 if (integrityParseResult != IntegrityParseValidResult) | 126 if (integrityParseResult != IntegrityParseValidResult) |
| 126 return true; | 127 return true; |
| (...skipping 194 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 321 metadataList.append(integrityMetadata); | 322 metadataList.append(integrityMetadata); |
| 322 } | 323 } |
| 323 | 324 |
| 324 if (metadataList.size() == 0 && error) | 325 if (metadataList.size() == 0 && error) |
| 325 return IntegrityParseNoValidResult; | 326 return IntegrityParseNoValidResult; |
| 326 | 327 |
| 327 return IntegrityParseValidResult; | 328 return IntegrityParseValidResult; |
| 328 } | 329 } |
| 329 | 330 |
| 330 } // namespace blink | 331 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1184183003:
Add use counter for ineligible Subresource Integrity use (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master