| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/frame/SubresourceIntegrity.h" | 5 #include "core/frame/SubresourceIntegrity.h" |
| 6 | 6 |
| 7 #include "core/HTMLNames.h" | 7 #include "core/HTMLNames.h" |
| 8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
| 9 #include "core/dom/Element.h" | 9 #include "core/dom/Element.h" |
| 10 #include "core/dom/ExecutionContext.h" | 10 #include "core/dom/ExecutionContext.h" |
| (...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 94 }; | 94 }; |
| 95 | 95 |
| 96 for (size_t i = 0; i < length; i++) { | 96 for (size_t i = 0; i < length; i++) { |
| 97 if (weakerAlgorithms[i] == algorithm2) | 97 if (weakerAlgorithms[i] == algorithm2) |
| 98 return algorithm1; | 98 return algorithm1; |
| 99 } | 99 } |
| 100 | 100 |
| 101 return algorithm2; | 101 return algorithm2; |
| 102 } | 102 } |
| 103 | 103 |
| 104 bool SubresourceIntegrity::CheckSubresourceIntegrity(const Element& element, | 104 bool SubresourceIntegrity::CheckSubresourceIntegrity(const String& attribute, |
| 105 Document& document, |
| 105 const char* content, | 106 const char* content, |
| 106 size_t size, | 107 size_t size, |
| 107 const KURL& resourceUrl, | 108 const KURL& resourceUrl, |
| 108 const Resource& resource) { | 109 const Resource& resource) { |
| 109 Document& document = element.document(); | |
| 110 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr); | |
| 111 if (attribute.isEmpty()) | 110 if (attribute.isEmpty()) |
| 112 return true; | 111 return true; |
| 113 | 112 |
| 114 IntegrityMetadataSet metadataSet; | 113 IntegrityMetadataSet metadataSet; |
| 115 IntegrityParseResult integrityParseResult = | 114 IntegrityParseResult integrityParseResult = |
| 116 parseIntegrityAttribute(attribute, metadataSet, &document); | 115 parseIntegrityAttribute(attribute, metadataSet, &document); |
| 117 // On failed parsing, there's no need to log an error here, as | 116 // On failed parsing, there's no need to log an error here, as |
| 118 // parseIntegrityAttribute() will output an appropriate console message. | 117 // parseIntegrityAttribute() will output an appropriate console message. |
| 119 if (integrityParseResult != IntegrityParseValidResult) | 118 if (integrityParseResult != IntegrityParseValidResult) |
| 120 return true; | 119 return true; |
| 121 | 120 |
| 122 return CheckSubresourceIntegrity(metadataSet, element, content, size, | 121 return CheckSubresourceIntegrity(metadataSet, document, content, size, |
| 123 resourceUrl, resource); | 122 resourceUrl, resource); |
| 124 } | 123 } |
| 125 | 124 |
| 126 bool SubresourceIntegrity::CheckSubresourceIntegrity( | 125 bool SubresourceIntegrity::CheckSubresourceIntegrity( |
| 127 const IntegrityMetadataSet& metadataSet, | 126 const IntegrityMetadataSet& metadataSet, |
| 128 const Element& element, | 127 Document& document, |
| 129 const char* content, | 128 const char* content, |
| 130 size_t size, | 129 size_t size, |
| 131 const KURL& resourceUrl, | 130 const KURL& resourceUrl, |
| 132 const Resource& resource) { | 131 const Resource& resource) { |
| 133 Document& document = element.document(); | |
| 134 | |
| 135 if (!resource.isEligibleForIntegrityCheck(document.getSecurityOrigin())) { | 132 if (!resource.isEligibleForIntegrityCheck(document.getSecurityOrigin())) { |
| 136 UseCounter::count(document, | 133 UseCounter::count(document, |
| 137 UseCounter::SRIElementIntegrityAttributeButIneligible); | 134 UseCounter::SRIElementIntegrityAttributeButIneligible); |
| 138 logErrorToConsole("Subresource Integrity: The resource '" + | 135 logErrorToConsole("Subresource Integrity: The resource '" + |
| 139 resourceUrl.elidedString() + | 136 resourceUrl.elidedString() + |
| 140 "' has an integrity attribute, but the resource " | 137 "' has an integrity attribute, but the resource " |
| 141 "requires the request to be CORS enabled to check " | 138 "requires the request to be CORS enabled to check " |
| 142 "the integrity, and it is not. The resource has been " | 139 "the integrity, and it is not. The resource has been " |
| 143 "blocked because the integrity cannot be enforced.", | 140 "blocked because the integrity cannot be enforced.", |
| 144 document); | 141 document); |
| (...skipping 273 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 418 metadataSet.insert(integrityMetadata.toPair()); | 415 metadataSet.insert(integrityMetadata.toPair()); |
| 419 } | 416 } |
| 420 | 417 |
| 421 if (metadataSet.size() == 0 && error) | 418 if (metadataSet.size() == 0 && error) |
| 422 return IntegrityParseNoValidResult; | 419 return IntegrityParseNoValidResult; |
| 423 | 420 |
| 424 return IntegrityParseValidResult; | 421 return IntegrityParseValidResult; |
| 425 } | 422 } |
| 426 | 423 |
| 427 } // namespace blink | 424 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2723793002:
De-Element ScriptLoader (Closed)
