OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "core/frame/SubresourceIntegrity.h" | 6 #include "core/frame/SubresourceIntegrity.h" |
7 | 7 |
8 #include "core/HTMLNames.h" | 8 #include "core/HTMLNames.h" |
9 #include "core/dom/Document.h" | 9 #include "core/dom/Document.h" |
10 #include "core/dom/Element.h" | 10 #include "core/dom/Element.h" |
11 #include "core/fetch/Resource.h" | 11 #include "core/fetch/Resource.h" |
12 #include "core/frame/ConsoleTypes.h" | 12 #include "core/frame/ConsoleTypes.h" |
13 #include "core/frame/UseCounter.h" | 13 #include "core/frame/UseCounter.h" |
14 #include "core/inspector/ConsoleMessage.h" | 14 #include "core/inspector/ConsoleMessage.h" |
15 #include "platform/Crypto.h" | 15 #include "platform/Crypto.h" |
16 #include "platform/ParsingUtilities.h" | 16 #include "platform/ParsingUtilities.h" |
17 #include "platform/RuntimeEnabledFeatures.h" | |
18 #include "platform/weborigin/KURL.h" | 17 #include "platform/weborigin/KURL.h" |
19 #include "platform/weborigin/SecurityOrigin.h" | 18 #include "platform/weborigin/SecurityOrigin.h" |
20 #include "public/platform/WebCrypto.h" | 19 #include "public/platform/WebCrypto.h" |
21 #include "public/platform/WebCryptoAlgorithm.h" | 20 #include "public/platform/WebCryptoAlgorithm.h" |
22 #include "wtf/ASCIICType.h" | 21 #include "wtf/ASCIICType.h" |
23 #include "wtf/Vector.h" | 22 #include "wtf/Vector.h" |
24 #include "wtf/dtoa/utils.h" | 23 #include "wtf/dtoa/utils.h" |
25 #include "wtf/text/Base64.h" | 24 #include "wtf/text/Base64.h" |
26 #include "wtf/text/StringUTF8Adaptor.h" | 25 #include "wtf/text/StringUTF8Adaptor.h" |
27 #include "wtf/text/WTFString.h" | 26 #include "wtf/text/WTFString.h" |
(...skipping 70 matching lines...)
98 for (size_t i = 0; i < length; i++) { | 97 for (size_t i = 0; i < length; i++) { |
99 if (weakerAlgorithms[i] == algorithm2) | 98 if (weakerAlgorithms[i] == algorithm2) |
100 return algorithm1; | 99 return algorithm1; |
101 } | 100 } |
102 | 101 |
103 return algorithm2; | 102 return algorithm2; |
104 } | 103 } |
105 | 104 |
106 bool SubresourceIntegrity::CheckSubresourceIntegrity(const Element& element, con
st String& source, const KURL& resourceUrl, const Resource& resource) | 105 bool SubresourceIntegrity::CheckSubresourceIntegrity(const Element& element, con
st String& source, const KURL& resourceUrl, const Resource& resource) |
107 { | 106 { |
108 if (!RuntimeEnabledFeatures::subresourceIntegrityEnabled()) | |
109 return true; | |
110 | |
111 Document& document = element.document(); | 107 Document& document = element.document(); |
112 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr); | 108 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr); |
113 if (attribute.isEmpty()) | 109 if (attribute.isEmpty()) |
114 return true; | 110 return true; |
115 | 111 |
116 if (!resource.isEligibleForIntegrityCheck(document.securityOrigin())) { | 112 if (!resource.isEligibleForIntegrityCheck(document.securityOrigin())) { |
117 UseCounter::count(document, UseCounter::SRIElementIntegrityAttributeButI
neligible); | 113 UseCounter::count(document, UseCounter::SRIElementIntegrityAttributeButI
neligible); |
118 logErrorToConsole("Subresource Integrity: The resource '" + resourceUrl.
elidedString() + "' has an integrity attribute, but the resource requires the re
quest to be CORS enabled to check the integrity, and it is not. The resource has
not been blocked, but no integrity check occurred.", document); | 114 logErrorToConsole("Subresource Integrity: The resource '" + resourceUrl.
elidedString() + "' has an integrity attribute, but the resource requires the re
quest to be CORS enabled to check the integrity, and it is not. The resource has
not been blocked, but no integrity check occurred.", document); |
119 return true; | 115 return true; |
120 } | 116 } |
(...skipping 201 matching lines...)
322 metadataList.append(integrityMetadata); | 318 metadataList.append(integrityMetadata); |
323 } | 319 } |
324 | 320 |
325 if (metadataList.size() == 0 && error) | 321 if (metadataList.size() == 0 && error) |
326 return IntegrityParseNoValidResult; | 322 return IntegrityParseNoValidResult; |
327 | 323 |
328 return IntegrityParseValidResult; | 324 return IntegrityParseValidResult; |
329 } | 325 } |
330 | 326 |
331 } // namespace blink | 327 } // namespace blink |
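Review bot: With the `RuntimeEnabledFeatures::subresourceIntegrityEnabled()` gate removed, the ineligible-resource branch in `CheckSubresourceIntegrity` (new lines 112–116) is now reached by default and still returns `true`, so an `integrity` attribute on a resource fetched without CORS is not enforced; the only signals are the console error and the `SRIElementIntegrityAttributeButIneligible` counter. If fail-open is the intended behaviour, it deserves a comment above that `return true;`, for example `// Fail open: without CORS the digest cannot be checked, so the load proceeds unverified.`; if it is not intended, this branch should return `false` instead. The rest of the function lies in the 201 skipped lines, so the digest-comparison path is not covered by this note.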