| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/SubresourceIntegrity.h" | 5 #include "core/frame/SubresourceIntegrity.h" |
| 6 | 6 |
| 7 #include "core/HTMLNames.h" | 7 #include "core/HTMLNames.h" |
| 8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
| 9 #include "core/dom/Element.h" | 9 #include "core/dom/Element.h" |
| 10 #include "core/dom/ExecutionContext.h" | 10 #include "core/dom/ExecutionContext.h" |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 94 }; | 94 }; |
| 95 | 95 |
| 96 for (size_t i = 0; i < length; i++) { | 96 for (size_t i = 0; i < length; i++) { |
| 97 if (weakerAlgorithms[i] == algorithm2) | 97 if (weakerAlgorithms[i] == algorithm2) |
| 98 return algorithm1; | 98 return algorithm1; |
| 99 } | 99 } |
| 100 | 100 |
| 101 return algorithm2; | 101 return algorithm2; |
| 102 } | 102 } |
| 103 | 103 |
| 104 bool SubresourceIntegrity::CheckSubresourceIntegrity(const Element& element, | 104 bool SubresourceIntegrity::CheckSubresourceIntegrity( |
| 105 const char* content, | 105 const String& integrityAttribute, |
| 106 size_t size, | 106 Document& document, |
| 107 const KURL& resourceUrl, | 107 const char* content, |
| 108 const Resource& resource) { | 108 size_t size, |
| 109 Document& document = element.document(); | 109 const KURL& resourceUrl, |
| 110 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr); | 110 const Resource& resource) { |
| 111 if (attribute.isEmpty()) | 111 if (integrityAttribute.isEmpty()) |
| 112 return true; | 112 return true; |
| 113 | 113 |
| 114 IntegrityMetadataSet metadataSet; | 114 IntegrityMetadataSet metadataSet; |
| 115 IntegrityParseResult integrityParseResult = | 115 IntegrityParseResult integrityParseResult = |
| 116 parseIntegrityAttribute(attribute, metadataSet, &document); | 116 parseIntegrityAttribute(integrityAttribute, metadataSet, &document); |
| 117 // On failed parsing, there's no need to log an error here, as | 117 // On failed parsing, there's no need to log an error here, as |
| 118 // parseIntegrityAttribute() will output an appropriate console message. | 118 // parseIntegrityAttribute() will output an appropriate console message. |
| 119 if (integrityParseResult != IntegrityParseValidResult) | 119 if (integrityParseResult != IntegrityParseValidResult) |
| 120 return true; | 120 return true; |
| 121 | 121 |
| 122 return CheckSubresourceIntegrity(metadataSet, element, content, size, | 122 return CheckSubresourceIntegrity(metadataSet, document, content, size, |
| 123 resourceUrl, resource); | 123 resourceUrl, resource); |
| 124 } | 124 } |
| 125 | 125 |
| 126 bool SubresourceIntegrity::CheckSubresourceIntegrity( | 126 bool SubresourceIntegrity::CheckSubresourceIntegrity( |
| 127 const IntegrityMetadataSet& metadataSet, | 127 const IntegrityMetadataSet& metadataSet, |
| 128 const Element& element, | 128 Document& document, |
| 129 const char* content, | 129 const char* content, |
| 130 size_t size, | 130 size_t size, |
| 131 const KURL& resourceUrl, | 131 const KURL& resourceUrl, |
| 132 const Resource& resource) { | 132 const Resource& resource) { |
| 133 Document& document = element.document(); | |
| 134 | |
| 135 if (!resource.isEligibleForIntegrityCheck(document.getSecurityOrigin())) { | 133 if (!resource.isEligibleForIntegrityCheck(document.getSecurityOrigin())) { |
| 136 UseCounter::count(document, | 134 UseCounter::count(document, |
| 137 UseCounter::SRIElementIntegrityAttributeButIneligible); | 135 UseCounter::SRIElementIntegrityAttributeButIneligible); |
| 138 logErrorToConsole("Subresource Integrity: The resource '" + | 136 logErrorToConsole("Subresource Integrity: The resource '" + |
| 139 resourceUrl.elidedString() + | 137 resourceUrl.elidedString() + |
| 140 "' has an integrity attribute, but the resource " | 138 "' has an integrity attribute, but the resource " |
| 141 "requires the request to be CORS enabled to check " | 139 "requires the request to be CORS enabled to check " |
| 142 "the integrity, and it is not. The resource has been " | 140 "the integrity, and it is not. The resource has been " |
| 143 "blocked because the integrity cannot be enforced.", | 141 "blocked because the integrity cannot be enforced.", |
| 144 document); | 142 document); |
| (...skipping 273 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 418 metadataSet.insert(integrityMetadata.toPair()); | 416 metadataSet.insert(integrityMetadata.toPair()); |
| 419 } | 417 } |
| 420 | 418 |
| 421 if (metadataSet.size() == 0 && error) | 419 if (metadataSet.size() == 0 && error) |
| 422 return IntegrityParseNoValidResult; | 420 return IntegrityParseNoValidResult; |
| 423 | 421 |
| 424 return IntegrityParseValidResult; | 422 return IntegrityParseValidResult; |
| 425 } | 423 } |
| 426 | 424 |
| 427 } // namespace blink | 425 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2723793002:
De-Element ScriptLoader (Closed)
