Auto merge of #14865 - mrnayak:sri-fetch, r=jdm

Implement Subresource Integrity Implemented response validation part of https://w3c.github.io/webappsec-subresource-integrity/. Implemented step eighteen of the main fetch. If a request has integrity metadata, then following steps are performed 1) Wait for response body 2) If the response does not have a termination reason and response does not match request’s integrity metadata, set response and internalResponse to a network error. Dependency updated: html5ever-atoms from 0.1.2 to 0.1.3. This will not completely fix #14523, It will implement changes related to response validation. Request validation algorithm implementation needs CSP. I did not update any WPT-Test. In my local system, I found some assertion issue dependent on the order of execution of test-case. It would be helpful if someone could do "try" build on these changes to get wpt results. r? @jdm  ---  - [X] `./mach build -d` does not report any errors - [X] `./mach test-tidy` does not report any errors  - [X] There are tests for these changes   --- This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/14865)
author: bors-servo <lbergstrom+bors@mozilla.com> 2017-01-07 23:14:37 -0800
committer: GitHub <noreply@github.com> 2017-01-07 23:14:37 -0800
commit: f958dafcaeed643f1232a23f5c2d4f6ba141bfea (patch)
tree: 04272dd512cf96ca0425ffee7c88b6f2936b4844 /components/script/dom
parent: cdf14730ff4c17afdfdcc0cefbd0683a4324ba8e (diff)
parent: a3026499f43860c0d02170534bee20f8f5cc7faa (diff)
download: servo-f958dafcaeed643f1232a23f5c2d4f6ba141bfea.tar.gz
servo-f958dafcaeed643f1232a23f5c2d4f6ba141bfea.zip
4 files changed, 32 insertions, 4 deletions
diff --git a/components/script/dom/htmllinkelement.rs b/components/script/dom/htmllinkelement.rs
index ee4ee4718cf..24b4e779099 100644
--- a/components/script/dom/htmllinkelement.rs
+++ b/components/script/dom/htmllinkelement.rs
@@ -243,16 +243,24 @@ impl HTMLLinkElement {
             Some(ref value) => &***value,
             None => "",
         };
+
         let mut css_parser = CssParser::new(&mq_str);
         let media = parse_media_query_list(&mut css_parser);
 
+        let im_attribute = element.get_attribute(&ns!(), &local_name!("integrity"));
+        let integrity_val = im_attribute.r().map(|a| a.value());
+        let integrity_metadata = match integrity_val {
+            Some(ref value) => &***value,
+            None => "",
+        };
+
         // TODO: #8085 - Don't load external stylesheets if the node's mq
         // doesn't match.
         let loader = StylesheetLoader::for_element(self.upcast());
         loader.load(StylesheetContextSource::LinkElement {
             url: url,
             media: Some(media),
-        });
+        }, integrity_metadata.to_owned());
     }
 
     fn handle_favicon_url(&self, rel: &str, href: &str, sizes: &Option<String>) {
@@ -328,6 +336,12 @@ impl HTMLLinkElementMethods for HTMLLinkElement {
     // https://html.spec.whatwg.org/multipage/#dom-link-media
     make_setter!(SetMedia, "media");
 
+    // https://html.spec.whatwg.org/multipage/#dom-link-integrity
+    make_getter!(Integrity, "integrity");
+
+    // https://html.spec.whatwg.org/multipage/#dom-link-integrity
+    make_setter!(SetIntegrity, "integrity");
+
     // https://html.spec.whatwg.org/multipage/#dom-link-hreflang
     make_getter!(Hreflang, "hreflang");
 
diff --git a/components/script/dom/htmlscriptelement.rs b/components/script/dom/htmlscriptelement.rs
index 9558d9c4b41..9c2bcfd583c 100644
--- a/components/script/dom/htmlscriptelement.rs
+++ b/components/script/dom/htmlscriptelement.rs
@@ -40,7 +40,6 @@ use std::ascii::AsciiExt;
 use std::cell::Cell;
 use std::sync::{Arc, Mutex};
 use style::str::{HTML_SPACE_CHARACTERS, StaticStringVec};
-
 #[dom_struct]
 pub struct HTMLScriptElement {
     htmlelement: HTMLElement,
@@ -221,6 +220,7 @@ impl PreInvoke for ScriptContext {}
 fn fetch_a_classic_script(script: &HTMLScriptElement,
                           url: ServoUrl,
                           cors_setting: Option<CorsSettings>,
+                          integrity_metadata: String,
                           character_encoding: EncodingRef) {
     let doc = document_from_node(script);
 
@@ -245,6 +245,7 @@ fn fetch_a_classic_script(script: &HTMLScriptElement,
         pipeline_id: Some(script.global().pipeline_id()),
         referrer_url: Some(doc.url()),
         referrer_policy: doc.get_referrer_policy(),
+        integrity_metadata: integrity_metadata,
         .. RequestInit::default()
     };
 
@@ -365,7 +366,13 @@ impl HTMLScriptElement {
 
         // TODO: Step 15: Nonce.
 
-        // TODO: Step 16: Parser state.
+        // Step 16: Integrity Metadata
+        let im_attribute = element.get_attribute(&ns!(), &local_name!("integrity"));
+        let integrity_val = im_attribute.r().map(|a| a.value());
+        let integrity_metadata = match integrity_val {
+            Some(ref value) => &***value,
+            None => "",
+        };
 
         // TODO: Step 17: environment settings object.
 
@@ -393,7 +400,7 @@ impl HTMLScriptElement {
                 };
 
                 // Step 18.6.
-                fetch_a_classic_script(self, url, cors_setting, encoding);
+                fetch_a_classic_script(self, url, cors_setting, integrity_metadata.to_owned(), encoding);
 
                 true
             },
@@ -675,6 +682,11 @@ impl HTMLScriptElementMethods for HTMLScriptElement {
     // https://html.spec.whatwg.org/multipage/#dom-script-defer
     make_bool_setter!(SetDefer, "defer");
 
+    // https://html.spec.whatwg.org/multipage/#dom-script-integrity
+    make_getter!(Integrity, "integrity");
+    // https://html.spec.whatwg.org/multipage/#dom-script-integrity
+    make_setter!(SetIntegrity, "integrity");
+
     // https://html.spec.whatwg.org/multipage/#dom-script-event
     make_getter!(Event, "event");
     // https://html.spec.whatwg.org/multipage/#dom-script-event
diff --git a/components/script/dom/webidls/HTMLLinkElement.webidl b/components/script/dom/webidls/HTMLLinkElement.webidl
index e7bec059efe..46b611d3548 100644
--- a/components/script/dom/webidls/HTMLLinkElement.webidl
+++ b/components/script/dom/webidls/HTMLLinkElement.webidl
@@ -11,6 +11,7 @@ interface HTMLLinkElement : HTMLElement {
            attribute DOMString media;
            attribute DOMString hreflang;
            attribute DOMString type;
+           attribute DOMString integrity;
   // [SameObject, PutForwards=value] readonly attribute DOMTokenList sizes;
 
   // also has obsolete members
diff --git a/components/script/dom/webidls/HTMLScriptElement.webidl b/components/script/dom/webidls/HTMLScriptElement.webidl
index 4a0827800ed..0dcc9ddf69a 100644
--- a/components/script/dom/webidls/HTMLScriptElement.webidl
+++ b/components/script/dom/webidls/HTMLScriptElement.webidl
@@ -12,6 +12,7 @@ interface HTMLScriptElement : HTMLElement {
            attribute DOMString? crossOrigin;
            [Pure]
            attribute DOMString text;
+           attribute DOMString integrity;
 
   // also has obsolete members
 };
author	bors-servo <lbergstrom+bors@mozilla.com>	2017-01-07 23:14:37 -0800
committer	GitHub <noreply@github.com>	2017-01-07 23:14:37 -0800
commit	f958dafcaeed643f1232a23f5c2d4f6ba141bfea (patch)
tree	04272dd512cf96ca0425ffee7c88b6f2936b4844 /components/script/dom
parent	cdf14730ff4c17afdfdcc0cefbd0683a4324ba8e (diff)
parent	a3026499f43860c0d02170534bee20f8f5cc7faa (diff)
download	servo-f958dafcaeed643f1232a23f5c2d4f6ba141bfea.tar.gz servo-f958dafcaeed643f1232a23f5c2d4f6ba141bfea.zip