author | bors-servo <lbergstrom+bors@mozilla.com> | 2017-01-07 23:14:37 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-01-07 23:14:37 -0800 |
commit | f958dafcaeed643f1232a23f5c2d4f6ba141bfea (patch) | |
tree | 04272dd512cf96ca0425ffee7c88b6f2936b4844 /components/script/dom/htmlscriptelement.rs | |
parent | cdf14730ff4c17afdfdcc0cefbd0683a4324ba8e (diff) | |
parent | a3026499f43860c0d02170534bee20f8f5cc7faa (diff) | |
Auto merge of #14865 - mrnayak:sri-fetch, r=jdm
Implement Subresource Integrity
Implemented response validation part of https://w3c.github.io/webappsec-subresource-integrity/.
Implemented step eighteen of the main fetch. If a request has integrity metadata, then following steps are performed
1) Wait for response body
2) If the response does not have a termination reason and response does not match request’s integrity metadata, set response and internalResponse to a network error.
Dependency updated: html5ever-atoms from 0.1.2 to 0.1.3. This will not completely fix #14523; it implements the changes related to response validation. Implementing the request validation algorithm needs CSP.
I did not update any WPT-Test. In my local system, I found some assertion issue dependent on the order of execution of test-case. It would be helpful if someone could do "try" build on these changes to get wpt results.
r? @jdm
<!-- Please describe your changes on the following line: -->
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
<!-- Either: -->
- [X] There are tests for these changes
<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/14865)
<!-- Reviewable:end -->
Diffstat (limited to 'components/script/dom/htmlscriptelement.rs')
-rw-r--r-- | components/script/dom/htmlscriptelement.rs | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/components/script/dom/htmlscriptelement.rs b/components/script/dom/htmlscriptelement.rs
index 9558d9c4b41..9c2bcfd583c 100644
--- a/components/script/dom/htmlscriptelement.rs
+++ b/components/script/dom/htmlscriptelement.rs
@@ -40,7 +40,6 @@ use std::ascii::AsciiExt;
 use std::cell::Cell;
 use std::sync::{Arc, Mutex};
 use style::str::{HTML_SPACE_CHARACTERS, StaticStringVec};
-
 #[dom_struct]
 pub struct HTMLScriptElement {
 htmlelement: HTMLElement,
@@ -221,6 +220,7 @@ impl PreInvoke for ScriptContext {}
 fn fetch_a_classic_script(script: &HTMLScriptElement,
 url: ServoUrl,
 cors_setting: Option<CorsSettings>,
+ integrity_metadata: String,
 character_encoding: EncodingRef) {
 let doc = document_from_node(script);
@@ -245,6 +245,7 @@ fn fetch_a_classic_script(script: &HTMLScriptElement,
 pipeline_id: Some(script.global().pipeline_id()),
 referrer_url: Some(doc.url()),
 referrer_policy: doc.get_referrer_policy(),
+ integrity_metadata: integrity_metadata,
 .. RequestInit::default()
 };
@@ -365,7 +366,13 @@ impl HTMLScriptElement {
 // TODO: Step 15: Nonce.
- // TODO: Step 16: Parser state.
+ // Step 16: Integrity Metadata
+ let im_attribute = element.get_attribute(&ns!(), &local_name!("integrity"));
+ let integrity_val = im_attribute.r().map(|a| a.value());
+ let integrity_metadata = match integrity_val {
+ Some(ref value) => &***value,
+ None => "",
+ };
 // TODO: Step 17: environment settings object.
@@ -393,7 +400,7 @@ impl HTMLScriptElement {
 };
 // Step 18.6.
- fetch_a_classic_script(self, url, cors_setting, encoding);
+ fetch_a_classic_script(self, url, cors_setting, integrity_metadata.to_owned(), encoding);
 true
 },
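Review bot: The `&***value` deref chain in the Step 16 block is hard to read, and it produces a borrowed `&str` that the Step 18.6 hunk copies straight away with `.to_owned()`. The match can be written as `let integrity_metadata = integrity_val.as_ref().map_or("", |value| &***value);`, and a comment such as `// A missing integrity attribute is passed on as empty metadata.` would record the sentinel that the `None` arm introduces. The enclosing method of `impl HTMLScriptElement` starts and ends outside the hunk.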
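Review bot: Nothing at the Step 18.6 call ties the integrity metadata to `cors_setting`, so a script with an `integrity` attribute but no `crossorigin` attribute presumably still carries non-empty metadata into a no-CORS fetch. The Subresource Integrity specification treats a response that is not eligible for validation (an opaque cross-origin response) as a failed match; that check would sit in the fetch code, which this file's diff does not show, so it should be confirmed and covered by a test that loads a cross-origin script without `crossorigin`. A comment at the call, `// Non-empty metadata on a no-CORS request must end in a network error; enforced during fetch.`, would record the dependency. The enclosing method continues outside the hunk.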
@@ -675,6 +682,11 @@ impl HTMLScriptElementMethods for HTMLScriptElement {
 // https://html.spec.whatwg.org/multipage/#dom-script-defer
 make_bool_setter!(SetDefer, "defer");
+ // https://html.spec.whatwg.org/multipage/#dom-script-integrity
+ make_getter!(Integrity, "integrity");
+ // https://html.spec.whatwg.org/multipage/#dom-script-integrity
+ make_setter!(SetIntegrity, "integrity");
+
 // https://html.spec.whatwg.org/multipage/#dom-script-event
 make_getter!(Event, "event");
 // https://html.spec.whatwg.org/multipage/#dom-script-event |