Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1066)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/frame/SubresourceIntegrity.cpp

Issue 1186883003: Ship Subresource Integrity (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Fixed virtual test results Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « LayoutTests/virtual/stable/webexposed/global-interface-listing-expected.txt ('k') | Source/core/html/HTMLLinkElement.idl » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "config.h" 5 #include "config.h"
6 #include "core/frame/SubresourceIntegrity.h" 6 #include "core/frame/SubresourceIntegrity.h"
7 7
8 #include "core/HTMLNames.h" 8 #include "core/HTMLNames.h"
9 #include "core/dom/Document.h" 9 #include "core/dom/Document.h"
10 #include "core/dom/Element.h" 10 #include "core/dom/Element.h"
11 #include "core/fetch/Resource.h" 11 #include "core/fetch/Resource.h"
12 #include "core/frame/ConsoleTypes.h" 12 #include "core/frame/ConsoleTypes.h"
13 #include "core/frame/UseCounter.h" 13 #include "core/frame/UseCounter.h"
14 #include "core/inspector/ConsoleMessage.h" 14 #include "core/inspector/ConsoleMessage.h"
15 #include "platform/Crypto.h" 15 #include "platform/Crypto.h"
16 #include "platform/ParsingUtilities.h" 16 #include "platform/ParsingUtilities.h"
17 #include "platform/RuntimeEnabledFeatures.h"
18 #include "platform/weborigin/KURL.h" 17 #include "platform/weborigin/KURL.h"
19 #include "platform/weborigin/SecurityOrigin.h" 18 #include "platform/weborigin/SecurityOrigin.h"
20 #include "public/platform/WebCrypto.h" 19 #include "public/platform/WebCrypto.h"
21 #include "public/platform/WebCryptoAlgorithm.h" 20 #include "public/platform/WebCryptoAlgorithm.h"
22 #include "wtf/ASCIICType.h" 21 #include "wtf/ASCIICType.h"
23 #include "wtf/Vector.h" 22 #include "wtf/Vector.h"
24 #include "wtf/dtoa/utils.h" 23 #include "wtf/dtoa/utils.h"
25 #include "wtf/text/Base64.h" 24 #include "wtf/text/Base64.h"
26 #include "wtf/text/StringUTF8Adaptor.h" 25 #include "wtf/text/StringUTF8Adaptor.h"
27 #include "wtf/text/WTFString.h" 26 #include "wtf/text/WTFString.h"
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after
98 for (size_t i = 0; i < length; i++) { 97 for (size_t i = 0; i < length; i++) {
99 if (weakerAlgorithms[i] == algorithm2) 98 if (weakerAlgorithms[i] == algorithm2)
100 return algorithm1; 99 return algorithm1;
101 } 100 }
102 101
103 return algorithm2; 102 return algorithm2;
104 } 103 }
105 104
106 bool SubresourceIntegrity::CheckSubresourceIntegrity(const Element& element, con st String& source, const KURL& resourceUrl, const Resource& resource) 105 bool SubresourceIntegrity::CheckSubresourceIntegrity(const Element& element, con st String& source, const KURL& resourceUrl, const Resource& resource)
107 { 106 {
108 if (!RuntimeEnabledFeatures::subresourceIntegrityEnabled())
109 return true;
110
111 Document& document = element.document(); 107 Document& document = element.document();
112 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr); 108 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr);
113 if (attribute.isEmpty()) 109 if (attribute.isEmpty())
114 return true; 110 return true;
115 111
116 if (!resource.isEligibleForIntegrityCheck(document.securityOrigin())) { 112 if (!resource.isEligibleForIntegrityCheck(document.securityOrigin())) {
117 UseCounter::count(document, UseCounter::SRIElementIntegrityAttributeButI neligible); 113 UseCounter::count(document, UseCounter::SRIElementIntegrityAttributeButI neligible);
118 logErrorToConsole("Subresource Integrity: The resource '" + resourceUrl. elidedString() + "' has an integrity attribute, but the resource requires the re quest to be CORS enabled to check the integrity, and it is not. The resource has not been blocked, but no integrity check occurred.", document); 114 logErrorToConsole("Subresource Integrity: The resource '" + resourceUrl. elidedString() + "' has an integrity attribute, but the resource requires the re quest to be CORS enabled to check the integrity, and it is not. The resource has not been blocked, but no integrity check occurred.", document);
119 return true; 115 return true;
120 } 116 }
(...skipping 201 matching lines...) Expand 10 before | Expand all | Expand 10 after
322 metadataList.append(integrityMetadata); 318 metadataList.append(integrityMetadata);
323 } 319 }
324 320
325 if (metadataList.size() == 0 && error) 321 if (metadataList.size() == 0 && error)
326 return IntegrityParseNoValidResult; 322 return IntegrityParseNoValidResult;
327 323
328 return IntegrityParseValidResult; 324 return IntegrityParseValidResult;
329 } 325 }
330 326
331 } // namespace blink 327 } // namespace blink
OLDNEW
« no previous file with comments | « LayoutTests/virtual/stable/webexposed/global-interface-listing-expected.txt ('k') | Source/core/html/HTMLLinkElement.idl » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698