OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/SubresourceIntegrity.h" | 5 #include "core/frame/SubresourceIntegrity.h" |
6 | 6 |
7 #include "core/HTMLNames.h" | 7 #include "core/HTMLNames.h" |
8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
9 #include "core/dom/Element.h" | 9 #include "core/dom/Element.h" |
10 #include "core/dom/ExecutionContext.h" | 10 #include "core/dom/ExecutionContext.h" |
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
94 }; | 94 }; |
95 | 95 |
96 for (size_t i = 0; i < length; i++) { | 96 for (size_t i = 0; i < length; i++) { |
97 if (weakerAlgorithms[i] == algorithm2) | 97 if (weakerAlgorithms[i] == algorithm2) |
98 return algorithm1; | 98 return algorithm1; |
99 } | 99 } |
100 | 100 |
101 return algorithm2; | 101 return algorithm2; |
102 } | 102 } |
103 | 103 |
104 bool SubresourceIntegrity::CheckSubresourceIntegrity(const Element& element, | 104 bool SubresourceIntegrity::CheckSubresourceIntegrity( |
105 const char* content, | 105 const String& integrityAttribute, |
106 size_t size, | 106 Document& document, |
107 const KURL& resourceUrl, | 107 const char* content, |
108 const Resource& resource) { | 108 size_t size, |
109 Document& document = element.document(); | 109 const KURL& resourceUrl, |
110 String attribute = element.fastGetAttribute(HTMLNames::integrityAttr); | 110 const Resource& resource) { |
111 if (attribute.isEmpty()) | 111 if (integrityAttribute.isEmpty()) |
112 return true; | 112 return true; |
113 | 113 |
114 IntegrityMetadataSet metadataSet; | 114 IntegrityMetadataSet metadataSet; |
115 IntegrityParseResult integrityParseResult = | 115 IntegrityParseResult integrityParseResult = |
116 parseIntegrityAttribute(attribute, metadataSet, &document); | 116 parseIntegrityAttribute(integrityAttribute, metadataSet, &document); |
117 // On failed parsing, there's no need to log an error here, as | 117 // On failed parsing, there's no need to log an error here, as |
118 // parseIntegrityAttribute() will output an appropriate console message. | 118 // parseIntegrityAttribute() will output an appropriate console message. |
119 if (integrityParseResult != IntegrityParseValidResult) | 119 if (integrityParseResult != IntegrityParseValidResult) |
120 return true; | 120 return true; |
121 | 121 |
122 return CheckSubresourceIntegrity(metadataSet, element, content, size, | 122 return CheckSubresourceIntegrity(metadataSet, document, content, size, |
123 resourceUrl, resource); | 123 resourceUrl, resource); |
124 } | 124 } |
125 | 125 |
126 bool SubresourceIntegrity::CheckSubresourceIntegrity( | 126 bool SubresourceIntegrity::CheckSubresourceIntegrity( |
127 const IntegrityMetadataSet& metadataSet, | 127 const IntegrityMetadataSet& metadataSet, |
128 const Element& element, | 128 Document& document, |
129 const char* content, | 129 const char* content, |
130 size_t size, | 130 size_t size, |
131 const KURL& resourceUrl, | 131 const KURL& resourceUrl, |
132 const Resource& resource) { | 132 const Resource& resource) { |
133 Document& document = element.document(); | |
134 | |
135 if (!resource.isEligibleForIntegrityCheck(document.getSecurityOrigin())) { | 133 if (!resource.isEligibleForIntegrityCheck(document.getSecurityOrigin())) { |
136 UseCounter::count(document, | 134 UseCounter::count(document, |
137 UseCounter::SRIElementIntegrityAttributeButIneligible); | 135 UseCounter::SRIElementIntegrityAttributeButIneligible); |
138 logErrorToConsole("Subresource Integrity: The resource '" + | 136 logErrorToConsole("Subresource Integrity: The resource '" + |
139 resourceUrl.elidedString() + | 137 resourceUrl.elidedString() + |
140 "' has an integrity attribute, but the resource " | 138 "' has an integrity attribute, but the resource " |
141 "requires the request to be CORS enabled to check " | 139 "requires the request to be CORS enabled to check " |
142 "the integrity, and it is not. The resource has been " | 140 "the integrity, and it is not. The resource has been " |
143 "blocked because the integrity cannot be enforced.", | 141 "blocked because the integrity cannot be enforced.", |
144 document); | 142 document); |
(...skipping 273 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
418 metadataSet.insert(integrityMetadata.toPair()); | 416 metadataSet.insert(integrityMetadata.toPair()); |
419 } | 417 } |
420 | 418 |
421 if (metadataSet.size() == 0 && error) | 419 if (metadataSet.size() == 0 && error) |
422 return IntegrityParseNoValidResult; | 420 return IntegrityParseNoValidResult; |
423 | 421 |
424 return IntegrityParseValidResult; | 422 return IntegrityParseValidResult; |
425 } | 423 } |
426 | 424 |
427 } // namespace blink | 425 } // namespace blink |
OLD | NEW |