author | bors-servo <lbergstrom+bors@mozilla.com> | 2017-01-07 23:14:37 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-01-07 23:14:37 -0800 |
commit | f958dafcaeed643f1232a23f5c2d4f6ba141bfea (patch) | |
tree | 04272dd512cf96ca0425ffee7c88b6f2936b4844 /components/script/dom | |
parent | cdf14730ff4c17afdfdcc0cefbd0683a4324ba8e (diff) | |
parent | a3026499f43860c0d02170534bee20f8f5cc7faa (diff) | |
download | servo-f958dafcaeed643f1232a23f5c2d4f6ba141bfea.tar.gz servo-f958dafcaeed643f1232a23f5c2d4f6ba141bfea.zip |
Auto merge of #14865 - mrnayak:sri-fetch, r=jdm
Implement Subresource Integrity
Implemented response validation part of https://w3c.github.io/webappsec-subresource-integrity/.
Implemented step eighteen of the main fetch. If a request has integrity metadata, then following steps are performed
1) Wait for response body
2) If the response does not have a termination reason and response does not match request’s integrity metadata, set response and internalResponse to a network error.
Dependency updated: html5ever-atoms from 0.1.2 to 0.1.3. This will not completely fix #14523; it implements the changes related to response validation. Implementing the request validation algorithm needs CSP.
I did not update any WPT-Test. In my local system, I found some assertion issue dependent on the order of execution of test-case. It would be helpful if someone could do "try" build on these changes to get wpt results.
r? @jdm
<!-- Please describe your changes on the following line: -->
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
<!-- Either: -->
- [X] There are tests for these changes
<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->
<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/14865)
<!-- Reviewable:end -->
Diffstat (limited to 'components/script/dom')
-rw-r--r-- | components/script/dom/htmllinkelement.rs | 16 | ||||
-rw-r--r-- | components/script/dom/htmlscriptelement.rs | 18 | ||||
-rw-r--r-- | components/script/dom/webidls/HTMLLinkElement.webidl | 1 | ||||
-rw-r--r-- | components/script/dom/webidls/HTMLScriptElement.webidl | 1 |
4 files changed, 32 insertions, 4 deletions
diff --git a/components/script/dom/htmllinkelement.rs b/components/script/dom/htmllinkelement.rs index ee4ee4718cf..24b4e779099 100644 --- a/components/script/dom/htmllinkelement.rs +++ b/components/script/dom/htmllinkelement.rs @@ -243,16 +243,24 @@ impl HTMLLinkElement { Some(ref value) => &***value, None => "", }; + let mut css_parser = CssParser::new(&mq_str); let media = parse_media_query_list(&mut css_parser); + let im_attribute = element.get_attribute(&ns!(), &local_name!("integrity")); + let integrity_val = im_attribute.r().map(|a| a.value()); + let integrity_metadata = match integrity_val { + Some(ref value) => &***value, + None => "", + }; + // TODO: #8085 - Don't load external stylesheets if the node's mq // doesn't match. let loader = StylesheetLoader::for_element(self.upcast()); loader.load(StylesheetContextSource::LinkElement { url: url, media: Some(media), - }); + }, integrity_metadata.to_owned()); } fn handle_favicon_url(&self, rel: &str, href: &str, sizes: &Option<String>) { @@ -328,6 +336,12 @@ impl HTMLLinkElementMethods for HTMLLinkElement { // https://html.spec.whatwg.org/multipage/#dom-link-media make_setter!(SetMedia, "media"); + // https://html.spec.whatwg.org/multipage/#dom-link-integrity + make_getter!(Integrity, "integrity"); + + // https://html.spec.whatwg.org/multipage/#dom-link-integrity + make_setter!(SetIntegrity, "integrity"); + // https://html.spec.whatwg.org/multipage/#dom-link-hreflang make_getter!(Hreflang, "hreflang"); diff --git a/components/script/dom/htmlscriptelement.rs b/components/script/dom/htmlscriptelement.rs index 9558d9c4b41..9c2bcfd583c 100644 --- a/components/script/dom/htmlscriptelement.rs +++ b/components/script/dom/htmlscriptelement.rs @@ -40,7 +40,6 @@ use std::ascii::AsciiExt; use std::cell::Cell; use std::sync::{Arc, Mutex}; use style::str::{HTML_SPACE_CHARACTERS, StaticStringVec}; - #[dom_struct] pub struct HTMLScriptElement { htmlelement: HTMLElement, 
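Review bot: In the `@@ -243` hunk the new `integrity_metadata` is handed to `loader.load(...)` with no CORS setting visible next to it, so it is not clear from here what happens when a cross-origin stylesheet carries an `integrity` attribute and the response is opaque. The SRI spec linked in the description only treats CORS-eligible responses as verifiable, and a non-empty integrity value has to fail closed for anything else; the code that decides this is outside this diff (it is limited to `components/script/dom`), so please confirm with a test that such a load ends in a network error rather than an unverified stylesheet being applied. The same question applies to the Step 16 hunk in `htmlscriptelement.rs` when `cors_setting` is `None`. I would also add a comment above the `match`, e.g. `// "" means no integrity metadata was given; the fetch is expected to skip SRI validation only in that case`. The enclosing method starts outside the hunk.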
@@ -221,6 +220,7 @@ impl PreInvoke for ScriptContext {} fn fetch_a_classic_script(script: &HTMLScriptElement, url: ServoUrl, cors_setting: Option<CorsSettings>, + integrity_metadata: String, character_encoding: EncodingRef) { let doc = document_from_node(script); @@ -245,6 +245,7 @@ fn fetch_a_classic_script(script: &HTMLScriptElement, pipeline_id: Some(script.global().pipeline_id()), referrer_url: Some(doc.url()), referrer_policy: doc.get_referrer_policy(), + integrity_metadata: integrity_metadata, .. RequestInit::default() }; @@ -365,7 +366,13 @@ impl HTMLScriptElement { // TODO: Step 15: Nonce. - // TODO: Step 16: Parser state. + // Step 16: Integrity Metadata + let im_attribute = element.get_attribute(&ns!(), &local_name!("integrity")); + let integrity_val = im_attribute.r().map(|a| a.value()); + let integrity_metadata = match integrity_val { + Some(ref value) => &***value, + None => "", + }; // TODO: Step 17: environment settings object. @@ -393,7 +400,7 @@ impl HTMLScriptElement { }; // Step 18.6. - fetch_a_classic_script(self, url, cors_setting, encoding); + fetch_a_classic_script(self, url, cors_setting, integrity_metadata.to_owned(), encoding); true }, @@ -675,6 +682,11 @@ impl HTMLScriptElementMethods for HTMLScriptElement { // https://html.spec.whatwg.org/multipage/#dom-script-defer make_bool_setter!(SetDefer, "defer"); + // https://html.spec.whatwg.org/multipage/#dom-script-integrity + make_getter!(Integrity, "integrity"); + // https://html.spec.whatwg.org/multipage/#dom-script-integrity + make_setter!(SetIntegrity, "integrity"); + // https://html.spec.whatwg.org/multipage/#dom-script-event make_getter!(Event, "event"); // https://html.spec.whatwg.org/multipage/#dom-script-event diff --git a/components/script/dom/webidls/HTMLLinkElement.webidl b/components/script/dom/webidls/HTMLLinkElement.webidl index e7bec059efe..46b611d3548 100644 --- a/components/script/dom/webidls/HTMLLinkElement.webidl +++ b/components/script/dom/webidls/HTMLLinkElement.webidl 
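Review bot: The Step 16 hunk (`@@ -365`) deletes `// TODO: Step 16: Parser state.` instead of renumbering it, so the marker for that step, which this diff does not implement, is lost; I would keep it, e.g. `// TODO: Step 17: Parser state.`, and renumber the following TODOs against the current spec text. The five lines that read the `integrity` attribute are also a verbatim copy of the ones added in `htmllinkelement.rs`, and the borrowed `&str` is turned into a `String` at the call site anyway; a small shared helper that returns the owned `String` would keep the two elements from drifting apart on how a missing attribute is treated. The enclosing method starts and ends outside the hunk.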
@@ -11,6 +11,7 @@ interface HTMLLinkElement : HTMLElement { attribute DOMString media; attribute DOMString hreflang; attribute DOMString type; + attribute DOMString integrity; // [SameObject, PutForwards=value] readonly attribute DOMTokenList sizes; // also has obsolete members diff --git a/components/script/dom/webidls/HTMLScriptElement.webidl b/components/script/dom/webidls/HTMLScriptElement.webidl index 4a0827800ed..0dcc9ddf69a 100644 --- a/components/script/dom/webidls/HTMLScriptElement.webidl +++ b/components/script/dom/webidls/HTMLScriptElement.webidl @@ -12,6 +12,7 @@ interface HTMLScriptElement : HTMLElement { attribute DOMString? crossOrigin; [Pure] attribute DOMString text; + attribute DOMString integrity; // also has obsolete members }; |