Changeset 216347 in webkit
Timestamp: May 7, 2017 3:24:48 AM (7 years ago)
Location: trunk
Files: 24 added, 20 edited
trunk/LayoutTests/ChangeLog
r216342 r216347 1 2017-05-07 Sam Weinig <sam@webkit.org> 2 3 Implement Subresource Integrity (SRI) 4 https://bugs.webkit.org/show_bug.cgi?id=148363 5 <rdar://problem/18945879> 6 7 Reviewed by Daniel Bates. 8 9 Add tests for Subresource Integrity based off the ones from Web 10 Platform Tests. They have been changed to: 11 - Split <link> and <script> testing. 12 - Add additional tests: 13 - Integrity hashes using base64URL encoding. 14 - Integrity hashes using mixed base64 and base64URL encoding. 15 - Integrity metadata that does not conform to the grammar at all. 16 - Multiple valid, but only one matching, integrity hashes. 17 - Non-matching integrity hash with options. 18 - Run one at a time, so console output is consistent. 19 20 We can/should upstream these changes, but this avoids the possibility that 21 an update of the imported web-platform-tests could cause these tests to fail. 22 23 Also adds tests that show the Subresource Integrity setting works correctly. 24 25 * http/tests/subresource-integrity: Added. 26 * http/tests/subresource-integrity/.htaccess: Added. 27 * http/tests/subresource-integrity/resources: Added. 28 * http/tests/subresource-integrity/resources/alternate.css: Added. 29 * http/tests/subresource-integrity/resources/crossorigin-anon-script.js: Added. 30 * http/tests/subresource-integrity/resources/crossorigin-anon-style.css: Added. 31 * http/tests/subresource-integrity/resources/crossorigin-creds-script.js: Added. 32 * http/tests/subresource-integrity/resources/crossorigin-creds-style.css: Added. 33 * http/tests/subresource-integrity/resources/crossorigin-ineligible-script.js: Added. 34 * http/tests/subresource-integrity/resources/crossorigin-ineligible-style.css: Added. 35 * http/tests/subresource-integrity/resources/matching-digest.js: Added. 36 * http/tests/subresource-integrity/resources/non-matching-digest.js: Added. 37 * http/tests/subresource-integrity/resources/sri-utilities.js: Added. 
38 * http/tests/subresource-integrity/resources/style.css: Added. 39 * http/tests/subresource-integrity/sri-disabled-with-setting-expected.txt: Added. 40 * http/tests/subresource-integrity/sri-disabled-with-setting.html: Added. 41 * http/tests/subresource-integrity/sri-enabled-with-setting-expected.txt: Added. 42 * http/tests/subresource-integrity/sri-enabled-with-setting.html: Added. 43 * http/tests/subresource-integrity/sri-script-expected.txt: Added. 44 * http/tests/subresource-integrity/sri-script.html: Added. 45 * http/tests/subresource-integrity/sri-style-expected.txt: Added. 46 * http/tests/subresource-integrity/sri-style.html: Added. 47 1 48 2017-05-06 Myles C. Maxfield <mmaxfield@apple.com> 2 49 -
trunk/LayoutTests/imported/w3c/ChangeLog
r216195 r216347 1 2017-05-07 Sam Weinig <sam@webkit.org> 2 3 Implement Subresource Integrity (SRI) 4 https://bugs.webkit.org/show_bug.cgi?id=148363 5 6 Reviewed by Daniel Bates. 7 8 * web-platform-tests/html/dom/reflection-metadata-expected.txt: 9 * web-platform-tests/html/dom/reflection-misc-expected.txt: 10 Update results now that we support the reflected 'integrity' property. 11 1 12 2017-05-04 Daniel Bates <dabates@apple.com> 2 13 -
trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/reflection-metadata-expected.txt
r210823 r216347 1208 1208 PASS link.nonce: IDL set to object "test-toString" 1209 1209 PASS link.nonce: IDL set to object "test-valueOf" 1210 FAIL link.integrity: typeof IDL attribute assert_equals: expected "string" but got "undefined" 1211 FAIL link.integrity: IDL get with DOM attribute unset assert_equals: expected (string) "" but got (undefined) undefined 1212 FAIL link.integrity: setAttribute() to "" assert_equals: IDL get expected (string) "" but got (undefined) undefined 1213 FAIL link.integrity: setAttribute() to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f foo " assert_equals: IDL get expected (string) " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f foo " but got (undefined) undefined 1214 FAIL link.integrity: setAttribute() to undefined assert_equals: IDL get expected (string) "undefined" but got (undefined) undefined 1215 FAIL link.integrity: setAttribute() to 7 assert_equals: IDL get expected (string) "7" but got (undefined) undefined 1216 FAIL link.integrity: setAttribute() to 1.5 assert_equals: IDL get expected (string) "1.5" but got (undefined) undefined 1217 FAIL link.integrity: setAttribute() to true assert_equals: IDL get expected (string) "true" but got (undefined) undefined 1218 FAIL link.integrity: setAttribute() to false assert_equals: IDL get expected (string) "false" but got (undefined) undefined 1219 FAIL link.integrity: setAttribute() to object "[object Object]" assert_equals: IDL get expected (string) "[object Object]" but got (undefined) undefined 1220 FAIL link.integrity: setAttribute() to NaN assert_equals: IDL get expected (string) "NaN" but got (undefined) undefined 1221 FAIL link.integrity: setAttribute() to Infinity assert_equals: IDL get expected (string) "Infinity" but got (undefined) undefined 1222 FAIL link.integrity: setAttribute() to -Infinity assert_equals: IDL get expected 
(string) "-Infinity" but got (undefined) undefined 1223 FAIL link.integrity: setAttribute() to "\0" assert_equals: IDL get expected (string) "\0" but got (undefined) undefined 1224 FAIL link.integrity: setAttribute() to null assert_equals: IDL get expected (string) "null" but got (undefined) undefined 1225 FAIL link.integrity: setAttribute() to object "test-toString" assert_equals: IDL get expected (string) "test-toString" but got (undefined) undefined 1226 FAIL link.integrity: setAttribute() to object "test-valueOf" assert_equals: IDL get expected (string) "test-valueOf" but got (undefined) undefined 1227 FAIL link.integrity: IDL set to "" assert_equals: getAttribute() expected "" but got "test-valueOf" 1228 FAIL link.integrity: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f foo " assert_equals: getAttribute() expected " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f foo " but got "test-valueOf" 1229 FAIL link.integrity: IDL set to undefined assert_equals: getAttribute() expected "undefined" but got "test-valueOf" 1230 FAIL link.integrity: IDL set to 7 assert_equals: getAttribute() expected "7" but got "test-valueOf" 1231 FAIL link.integrity: IDL set to 1.5 assert_equals: getAttribute() expected "1.5" but got "test-valueOf" 1232 FAIL link.integrity: IDL set to true assert_equals: getAttribute() expected "true" but got "test-valueOf" 1233 FAIL link.integrity: IDL set to false assert_equals: getAttribute() expected "false" but got "test-valueOf" 1234 FAIL link.integrity: IDL set to object "[object Object]" assert_equals: getAttribute() expected "[object Object]" but got "test-valueOf" 1235 FAIL link.integrity: IDL set to NaN assert_equals: getAttribute() expected "NaN" but got "test-valueOf" 1236 FAIL link.integrity: IDL set to Infinity assert_equals: getAttribute() expected "Infinity" but got "test-valueOf" 1237 
FAIL link.integrity: IDL set to -Infinity assert_equals: getAttribute() expected "-Infinity" but got "test-valueOf" 1238 FAIL link.integrity: IDL set to "\0" assert_equals: getAttribute() expected "\0" but got "test-valueOf" 1239 FAIL link.integrity: IDL set to null assert_equals: getAttribute() expected "null" but got "test-valueOf" 1240 FAIL link.integrity: IDL set to object "test-toString" assert_equals: getAttribute() expected "test-toString" but got "test-valueOf" 1241 FAIL link.integrity: IDL set to object "test-valueOf" assert_equals: IDL get expected (string) "test-valueOf" but got (object) object "test-valueOf" 1210 PASS link.integrity: typeof IDL attribute 1211 PASS link.integrity: IDL get with DOM attribute unset 1212 PASS link.integrity: setAttribute() to "" 1213 PASS link.integrity: setAttribute() to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f foo " 1214 PASS link.integrity: setAttribute() to undefined 1215 PASS link.integrity: setAttribute() to 7 1216 PASS link.integrity: setAttribute() to 1.5 1217 PASS link.integrity: setAttribute() to true 1218 PASS link.integrity: setAttribute() to false 1219 PASS link.integrity: setAttribute() to object "[object Object]" 1220 PASS link.integrity: setAttribute() to NaN 1221 PASS link.integrity: setAttribute() to Infinity 1222 PASS link.integrity: setAttribute() to -Infinity 1223 PASS link.integrity: setAttribute() to "\0" 1224 PASS link.integrity: setAttribute() to null 1225 PASS link.integrity: setAttribute() to object "test-toString" 1226 PASS link.integrity: setAttribute() to object "test-valueOf" 1227 PASS link.integrity: IDL set to "" 1228 PASS link.integrity: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f foo " 1229 PASS link.integrity: IDL set to undefined 1230 PASS link.integrity: IDL set to 7 1231 PASS link.integrity: IDL set to 1.5 1232 PASS 
link.integrity: IDL set to true 1233 PASS link.integrity: IDL set to false 1234 PASS link.integrity: IDL set to object "[object Object]" 1235 PASS link.integrity: IDL set to NaN 1236 PASS link.integrity: IDL set to Infinity 1237 PASS link.integrity: IDL set to -Infinity 1238 PASS link.integrity: IDL set to "\0" 1239 PASS link.integrity: IDL set to null 1240 PASS link.integrity: IDL set to object "test-toString" 1241 PASS link.integrity: IDL set to object "test-valueOf" 1242 1242 PASS link.hreflang: typeof IDL attribute 1243 1243 PASS link.hreflang: IDL get with DOM attribute unset -
trunk/LayoutTests/imported/w3c/web-platform-tests/html/dom/reflection-misc-expected.txt
r212202 r216347 780 780 PASS script.nonce: IDL set to object "test-toString" 781 781 PASS script.nonce: IDL set to object "test-valueOf" 782 FAIL script.integrity: typeof IDL attribute assert_equals: expected "string" but got "undefined" 783 FAIL script.integrity: IDL get with DOM attribute unset assert_equals: expected (string) "" but got (undefined) undefined 784 FAIL script.integrity: setAttribute() to "" assert_equals: IDL get expected (string) "" but got (undefined) undefined 785 FAIL script.integrity: setAttribute() to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f foo " assert_equals: IDL get expected (string) " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f foo " but got (undefined) undefined 786 FAIL script.integrity: setAttribute() to undefined assert_equals: IDL get expected (string) "undefined" but got (undefined) undefined 787 FAIL script.integrity: setAttribute() to 7 assert_equals: IDL get expected (string) "7" but got (undefined) undefined 788 FAIL script.integrity: setAttribute() to 1.5 assert_equals: IDL get expected (string) "1.5" but got (undefined) undefined 789 FAIL script.integrity: setAttribute() to true assert_equals: IDL get expected (string) "true" but got (undefined) undefined 790 FAIL script.integrity: setAttribute() to false assert_equals: IDL get expected (string) "false" but got (undefined) undefined 791 FAIL script.integrity: setAttribute() to object "[object Object]" assert_equals: IDL get expected (string) "[object Object]" but got (undefined) undefined 792 FAIL script.integrity: setAttribute() to NaN assert_equals: IDL get expected (string) "NaN" but got (undefined) undefined 793 FAIL script.integrity: setAttribute() to Infinity assert_equals: IDL get expected (string) "Infinity" but got (undefined) undefined 794 FAIL script.integrity: setAttribute() to -Infinity assert_equals: IDL get 
expected (string) "-Infinity" but got (undefined) undefined 795 FAIL script.integrity: setAttribute() to "\0" assert_equals: IDL get expected (string) "\0" but got (undefined) undefined 796 FAIL script.integrity: setAttribute() to null assert_equals: IDL get expected (string) "null" but got (undefined) undefined 797 FAIL script.integrity: setAttribute() to object "test-toString" assert_equals: IDL get expected (string) "test-toString" but got (undefined) undefined 798 FAIL script.integrity: setAttribute() to object "test-valueOf" assert_equals: IDL get expected (string) "test-valueOf" but got (undefined) undefined 799 FAIL script.integrity: IDL set to "" assert_equals: getAttribute() expected "" but got "test-valueOf" 800 FAIL script.integrity: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f foo " assert_equals: getAttribute() expected " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f foo " but got "test-valueOf" 801 FAIL script.integrity: IDL set to undefined assert_equals: getAttribute() expected "undefined" but got "test-valueOf" 802 FAIL script.integrity: IDL set to 7 assert_equals: getAttribute() expected "7" but got "test-valueOf" 803 FAIL script.integrity: IDL set to 1.5 assert_equals: getAttribute() expected "1.5" but got "test-valueOf" 804 FAIL script.integrity: IDL set to true assert_equals: getAttribute() expected "true" but got "test-valueOf" 805 FAIL script.integrity: IDL set to false assert_equals: getAttribute() expected "false" but got "test-valueOf" 806 FAIL script.integrity: IDL set to object "[object Object]" assert_equals: getAttribute() expected "[object Object]" but got "test-valueOf" 807 FAIL script.integrity: IDL set to NaN assert_equals: getAttribute() expected "NaN" but got "test-valueOf" 808 FAIL script.integrity: IDL set to Infinity assert_equals: getAttribute() expected "Infinity" but 
got "test-valueOf" 809 FAIL script.integrity: IDL set to -Infinity assert_equals: getAttribute() expected "-Infinity" but got "test-valueOf" 810 FAIL script.integrity: IDL set to "\0" assert_equals: getAttribute() expected "\0" but got "test-valueOf" 811 FAIL script.integrity: IDL set to null assert_equals: getAttribute() expected "null" but got "test-valueOf" 812 FAIL script.integrity: IDL set to object "test-toString" assert_equals: getAttribute() expected "test-toString" but got "test-valueOf" 813 FAIL script.integrity: IDL set to object "test-valueOf" assert_equals: IDL get expected (string) "test-valueOf" but got (object) object "test-valueOf" 782 PASS script.integrity: typeof IDL attribute 783 PASS script.integrity: IDL get with DOM attribute unset 784 PASS script.integrity: setAttribute() to "" 785 PASS script.integrity: setAttribute() to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f foo " 786 PASS script.integrity: setAttribute() to undefined 787 PASS script.integrity: setAttribute() to 7 788 PASS script.integrity: setAttribute() to 1.5 789 PASS script.integrity: setAttribute() to true 790 PASS script.integrity: setAttribute() to false 791 PASS script.integrity: setAttribute() to object "[object Object]" 792 PASS script.integrity: setAttribute() to NaN 793 PASS script.integrity: setAttribute() to Infinity 794 PASS script.integrity: setAttribute() to -Infinity 795 PASS script.integrity: setAttribute() to "\0" 796 PASS script.integrity: setAttribute() to null 797 PASS script.integrity: setAttribute() to object "test-toString" 798 PASS script.integrity: setAttribute() to object "test-valueOf" 799 PASS script.integrity: IDL set to "" 800 PASS script.integrity: IDL set to " \0\x01\x02\x03\x04\x05\x06\x07 \b\t\n\v\f\r\x0e\x0f \x10\x11\x12\x13\x14\x15\x16\x17 \x18\x19\x1a\x1b\x1c\x1d\x1e\x1f foo " 801 PASS script.integrity: IDL set to undefined 802 PASS script.integrity: IDL set to 7 803 
PASS script.integrity: IDL set to 1.5 804 PASS script.integrity: IDL set to true 805 PASS script.integrity: IDL set to false 806 PASS script.integrity: IDL set to object "[object Object]" 807 PASS script.integrity: IDL set to NaN 808 PASS script.integrity: IDL set to Infinity 809 PASS script.integrity: IDL set to -Infinity 810 PASS script.integrity: IDL set to "\0" 811 PASS script.integrity: IDL set to null 812 PASS script.integrity: IDL set to object "test-toString" 813 PASS script.integrity: IDL set to object "test-valueOf" 814 814 PASS script.event: typeof IDL attribute 815 815 PASS script.event: IDL get with DOM attribute unset -
trunk/Source/WebCore/CMakeLists.txt
r216234 r216347 1974 1974 loader/SinkDocument.cpp 1975 1975 loader/SubframeLoader.cpp 1976 loader/SubresourceIntegrity.cpp 1976 1977 loader/SubresourceLoader.cpp 1977 1978 loader/TextResourceDecoder.cpp -
trunk/Source/WebCore/ChangeLog
r216343 r216347 1 2017-05-07 Sam Weinig <sam@webkit.org> 2 3 Implement Subresource Integrity (SRI) 4 https://bugs.webkit.org/show_bug.cgi?id=148363 5 <rdar://problem/18945879> 6 7 Reviewed by Daniel Bates. 8 9 Tests: http/tests/subresource-integrity/sri-disabled-with-setting.html 10 http/tests/subresource-integrity/sri-enabled-with-setting.html 11 http/tests/subresource-integrity/sri-script-cors.html 12 http/tests/subresource-integrity/sri-style-cors.html 13 14 * CMakeLists.txt: 15 * WebCore.xcodeproj/project.pbxproj: 16 Add new files. 17 18 * dom/LoadableClassicScript.cpp: 19 (WebCore::LoadableClassicScript::create): 20 (WebCore::LoadableClassicScript::notifyFinished): 21 * dom/LoadableClassicScript.h: 22 * dom/LoadableScript.h: 23 * dom/ScriptElement.cpp: 24 (WebCore::ScriptElement::requestClassicScript): 25 Store integrity metadata in the script fetcher so it can be passed to 26 the checked when script load finishes. 27 28 * html/HTMLAttributeNames.in: 29 Add 'integrity'. 30 31 * html/HTMLLinkElement.cpp: 32 (WebCore::HTMLLinkElement::process): 33 When requesting a stylesheet, cache the integrity metadata so it can 34 be used when the load completes (accessing the attribute at load completion 35 time is incorrect, as a script might have changed the attributes value since 36 the request was made). 37 38 (WebCore::HTMLLinkElement::setCSSStyleSheet): 39 Add an integrity check using the cached integrity metadata when a load 40 finishes. 41 42 * html/HTMLLinkElement.h: 43 Add cached integrity metadata member. 44 45 * html/HTMLLinkElement.idl: 46 * html/HTMLScriptElement.idl: 47 Add integrity property. 48 49 * html/parser/HTMLParserIdioms.h: 50 (WebCore::isNotHTMLSpace): 51 Templatize isNotHTMLSpace so it can work for both UChar and LChar. 
52 53 * loader/ResourceCryptographicDigest.cpp: 54 (WebCore::parseCryptographicDigestImpl): 55 (WebCore::parseEncodedCryptographicDigestImpl): 56 (WebCore::parseEncodedCryptographicDigest): 57 (WebCore::decodeEncodedResourceCryptographicDigest): 58 * loader/ResourceCryptographicDigest.h: 59 Add concept of an encoded digest to more closely model the spec so that hashes 60 that match the grammar but are invalid (say, mixing base64 and base64URL) make 61 it through the algorithm longer, and don't cause us to load something that should 62 be blocked. 63 64 * loader/SubresourceIntegrity.cpp: Added. 65 * loader/SubresourceIntegrity.h: Added. 66 Add implementation of Subresource Integrity metadata validation allowing 67 for a CachedResource and integrity metadata to be passed for validation. 68 69 * page/Settings.in: 70 Add setting for Subresource Integrity, defaulted to enabled. 71 1 72 2017-05-07 Michael Catanzaro <mcatanzaro@igalia.com> 2 73 -
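Review bot: The Tests: list at the top of this entry names http/tests/subresource-integrity/sri-script-cors.html and sri-style-cors.html, but the LayoutTests ChangeLog in this same changeset adds sri-script.html and sri-style.html; please make the two lists agree. Two wording nits in the same entry: "passed to the checked when script load finishes" looks like it should say "checker", and "the attributes value" is missing an apostrophe.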
trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj
r216234 r216347 3241 3241 7CE9A12B1EA2F1DB00651AD1 /* IDLAttributes.json in Headers */ = {isa = PBXBuildFile; fileRef = A83B533814F399BB00720D9D /* IDLAttributes.json */; settings = {ATTRIBUTES = (Private, ); }; }; 3242 3242 7CEF26191D6A931700BE905D /* JSCryptoCustom.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7CEF26181D6A92E300BE905D /* JSCryptoCustom.cpp */; }; 3243 7CF1589B1EBC4CFD00D4BFB7 /* SubresourceIntegrity.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7CF158991EBBCDC700D4BFB7 /* SubresourceIntegrity.cpp */; }; 3243 3244 7CF930E71E01F9B400BAFFBE /* PaymentHeaders.h in Headers */ = {isa = PBXBuildFile; fileRef = 7CF930E61E01F9AD00BAFFBE /* PaymentHeaders.h */; settings = {ATTRIBUTES = (Private, ); }; }; 3244 3245 7CFDC57C1AC1D80500E24A57 /* ContentExtensionError.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7CFDC57A1AC1D80500E24A57 /* ContentExtensionError.cpp */; }; … … 11269 11270 7CE6CBFC187F394900D46BF5 /* FormatConverter.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = FormatConverter.cpp; sourceTree = "<group>"; }; 11270 11271 7CEF26181D6A92E300BE905D /* JSCryptoCustom.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSCryptoCustom.cpp; sourceTree = "<group>"; }; 11272 7CF158991EBBCDC700D4BFB7 /* SubresourceIntegrity.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SubresourceIntegrity.cpp; sourceTree = "<group>"; }; 11273 7CF1589A1EBBCDC700D4BFB7 /* SubresourceIntegrity.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SubresourceIntegrity.h; sourceTree = "<group>"; }; 11271 11274 7CF930E61E01F9AD00BAFFBE /* PaymentHeaders.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PaymentHeaders.h; sourceTree = "<group>"; }; 11272 11275 7CFDC57A1AC1D80500E24A57 /* ContentExtensionError.cpp */ = {isa = 
PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ContentExtensionError.cpp; sourceTree = "<group>"; }; … … 23802 23805 D000ED2511C1B9CD00C47726 /* SubframeLoader.cpp */, 23803 23806 D000ED2611C1B9CD00C47726 /* SubframeLoader.h */, 23807 7CF158991EBBCDC700D4BFB7 /* SubresourceIntegrity.cpp */, 23808 7CF1589A1EBBCDC700D4BFB7 /* SubresourceIntegrity.h */, 23804 23809 93E227DF0AF589AD00D48324 /* SubresourceLoader.cpp */, 23805 23810 656D37300ADBA5DE00A4554D /* SubresourceLoader.h */, … … 31862 31867 511EF2D117F0FDF100E4FA16 /* JSIDBObjectStoreCustom.cpp in Sources */, 31863 31868 511EF2C817F0FD3500E4FA16 /* JSIDBOpenDBRequest.cpp in Sources */, 31869 7CF1589B1EBC4CFD00D4BFB7 /* SubresourceIntegrity.cpp in Sources */, 31864 31870 511EF2C917F0FD3500E4FA16 /* JSIDBRequest.cpp in Sources */, 31865 31871 511EF2CA17F0FD3500E4FA16 /* JSIDBTransaction.cpp in Sources */, -
trunk/Source/WebCore/dom/LoadableClassicScript.cpp
r216217 r216347 29 29 #include "ScriptElement.h" 30 30 #include "ScriptSourceCode.h" 31 #include "SubresourceIntegrity.h" 31 32 #include <wtf/NeverDestroyed.h> 32 33 #include <wtf/text/StringImpl.h> … … 34 35 namespace WebCore { 35 36 36 Ref<LoadableClassicScript> LoadableClassicScript::create(const String& nonce, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree)37 Ref<LoadableClassicScript> LoadableClassicScript::create(const String& nonce, const String& integrityMetadata, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) 37 38 { 38 return adoptRef(*new LoadableClassicScript(nonce, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree));39 return adoptRef(*new LoadableClassicScript(nonce, integrityMetadata, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree)); 39 40 } 40 41 … … 97 98 #endif 98 99 100 if (!m_error && !resource.errorOccurred() && !matchIntegrityMetadata(resource, m_integrity)) { 101 m_error = Error { 102 ErrorType::FailedIntegrityCheck, 103 ConsoleMessage { MessageSource::Security, MessageLevel::Error, makeString("Cannot load script ", m_cachedScript->url().stringCenterEllipsizedToLength(), ". Failed integrity metadata check.") } 104 }; 105 } 106 99 107 notifyClientFinished(); 100 108 } -
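Review bot: In notifyFinished, the new check passes resource to matchIntegrityMetadata but builds the console message from m_cachedScript->url(); use the same object for both so the logged URL is, by construction, the one that was checked. Also, the definition of create() names the new parameter integrityMetadata while the header declares it as integrity; pick one name for both.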
trunk/Source/WebCore/dom/LoadableClassicScript.h
r211280 r216347 42 42 virtual ~LoadableClassicScript(); 43 43 44 static Ref<LoadableClassicScript> create(const String& nonce, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree);44 static Ref<LoadableClassicScript> create(const String& nonce, const String& integrity, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree); 45 45 bool isLoaded() const final; 46 46 std::optional<Error> error() const final; … … 57 57 58 58 private: 59 LoadableClassicScript(const String& nonce, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree)59 LoadableClassicScript(const String& nonce, const String& integrity, const String& crossOriginMode, const String& charset, const AtomicString& initiatorName, bool isInUserAgentShadowTree) 60 60 : LoadableScript(nonce, crossOriginMode, charset, initiatorName, isInUserAgentShadowTree) 61 , m_integrity(integrity) 61 62 { 62 63 } … … 66 67 CachedResourceHandle<CachedScript> m_cachedScript { }; 67 68 std::optional<Error> m_error { std::nullopt }; 69 String m_integrity; 68 70 }; 69 71 -
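Review bot: The new integrity parameter is inserted between nonce and crossOriginMode in both create() and the constructor, which leaves four adjacent const String& parameters; a call site that swaps two of them still compiles and would check the wrong string against the resource. Consider a small parameter struct, or at least a comment at the declaration stating the order. m_integrity would also read better with a name in line with m_integrityMetadataForPendingSheetRequest in HTMLLinkElement.h, since both hold the same kind of value.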
trunk/Source/WebCore/dom/LoadableScript.h
r211280 r216347 43 43 CrossOriginLoad, 44 44 Nosniff, 45 FailedIntegrityCheck, 45 46 }; 46 47 -
trunk/Source/WebCore/dom/ScriptElement.cpp
r211965 r216347 49 49 #include "ScriptSourceCode.h" 50 50 #include "ScriptableDocumentParser.h" 51 #include "Settings.h" 51 52 #include "TextNodeTraversal.h" 52 53 #include <wtf/StdLibExtras.h> … … 295 296 auto script = LoadableClassicScript::create( 296 297 m_element.attributeWithoutSynchronization(HTMLNames::nonceAttr), 298 m_element.document().settings().subresourceIntegrityEnabled() ? m_element.attributeWithoutSynchronization(HTMLNames::integrityAttr).string() : emptyString(), 297 299 m_element.attributeWithoutSynchronization(HTMLNames::crossoriginAttr), 298 300 scriptCharset(), -
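Review bot: In requestClassicScript, a disabled setting is expressed by passing emptyString() as the integrity metadata, so the setting only has an effect if matchIntegrityMetadata treats an empty string as a pass, and that contract is not visible at this call site. A one-line comment here would keep a later change to the empty-metadata handling from silently changing what the disabled setting does.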
trunk/Source/WebCore/html/HTMLAttributeNames.in
r215989 r216347 139 139 incremental 140 140 indeterminate 141 integrity 141 142 is 142 143 ismap -
trunk/Source/WebCore/html/HTMLLinkElement.cpp
r215816 r216347 55 55 #include "StyleScope.h" 56 56 #include "StyleSheetContents.h" 57 #include "SubresourceIntegrity.h" 57 58 #include <wtf/Ref.h> 58 59 #include <wtf/SetForScope.h> … … 240 241 if (m_disabledState != Disabled && treatAsStyleSheet && document().frame() && url.isValid()) { 241 242 String charset = attributeWithoutSynchronization(charsetAttr); 242 if (charset.isEmpty() && document().frame())243 if (charset.isEmpty()) 243 244 charset = document().charset(); 244 245 … … 276 277 priority = ResourceLoadPriority::VeryLow; 277 278 279 if (document().settings().subresourceIntegrityEnabled()) 280 m_integrityMetadataForPendingSheetRequest = attributeWithoutSynchronization(HTMLNames::integrityAttr); 281 278 282 ResourceLoaderOptions options = CachedResourceLoader::defaultCachedResourceOptions(); 279 283 options.sameOriginDataURLFlag = SameOriginDataURLFlag::Set; … … 283 287 CachedResourceRequest request(url, options, priority, WTFMove(charset)); 284 288 request.setInitiator(*this); 285 286 289 request.setAsPotentiallyCrossOrigin(crossOrigin(), document()); 287 290 … … 294 297 // The request may have been denied if (for example) the stylesheet is local and the document is remote. 295 298 m_loading = false; 296 removePendingSheet(); 299 sheetLoaded(); 300 notifyLoadedSheetAndAllCriticalSubresources(false); 297 301 } 298 302 } else if (m_sheet) { … … 343 347 m_styleScope = nullptr; 344 348 } 345 346 349 } 347 350 … … 376 379 // Completing the sheet load may cause scripts to execute. 377 380 Ref<HTMLLinkElement> protectedThis(*this); 381 382 if (!cachedStyleSheet->errorOccurred() && !matchIntegrityMetadata(*cachedStyleSheet, m_integrityMetadataForPendingSheetRequest)) { 383 document().addConsoleMessage(MessageSource::Security, MessageLevel::Error, makeString("Cannot load stylesheet ", cachedStyleSheet->url().stringCenterEllipsizedToLength(), ". 
Failed integrity metadata check.")); 384 385 m_loading = false; 386 sheetLoaded(); 387 notifyLoadedSheetAndAllCriticalSubresources(true); 388 return; 389 } 378 390 379 391 CSSParserContext parserContext(document(), baseURL, charset); -
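Review bot: In process(), m_integrityMetadataForPendingSheetRequest is assigned only when subresourceIntegrityEnabled() is true and nothing in this diff clears it otherwise, so if the setting is off for a later request on the same element, setCSSStyleSheet will still check against the value cached by an earlier request. Assign emptyString() in an else branch, as ScriptElement.cpp does with its conditional expression. Separately, the request-denied path now calls sheetLoaded() and notifyLoadedSheetAndAllCriticalSubresources(false) instead of removePendingSheet(), while the integrity-failure path passes true to the same function; the ChangeLog entry for process() does not mention this change, and the differing boolean literals need a comment saying why.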
trunk/Source/WebCore/html/HTMLLinkElement.h
r214378 r216347 136 136 137 137 PendingSheetType m_pendingSheetType; 138 String m_integrityMetadataForPendingSheetRequest; 138 139 139 140 std::unique_ptr<DOMTokenList> m_relList; 140 141 }; 141 142 142 } //namespace143 } -
trunk/Source/WebCore/html/HTMLLinkElement.idl
r209644 r216347 43 43 44 44 [Reflect] attribute DOMString nonce; 45 [Reflect, EnabledBySetting=SubresourceIntegrity] attribute DOMString integrity; 45 46 }; 46 47 -
trunk/Source/WebCore/html/HTMLScriptElement.idl
r211078 r216347 31 31 [Reflect] attribute DOMString nonce; 32 32 [Reflect] attribute boolean noModule; 33 [Reflect, EnabledBySetting=SubresourceIntegrity] attribute DOMString integrity; 33 34 }; -
trunk/Source/WebCore/html/parser/HTMLParserIdioms.h
r215914 r216347 39 39 // Space characters as defined by the HTML specification. 40 40 template<typename CharacterType> bool isHTMLSpace(CharacterType); 41 template<typename CharacterType> bool isNotHTMLSpace(CharacterType); 41 42 template<typename CharacterType> bool isComma(CharacterType); 42 43 template<typename CharacterType> bool isHTMLSpaceOrComma(CharacterType); 43 44 bool isHTMLLineBreak(UChar); 44 bool isNotHTMLSpace(UChar);45 45 bool isHTMLSpaceButNotLineBreak(UChar); 46 46 … … 107 107 } 108 108 109 template<typename CharacterType> inline bool isNotHTMLSpace(CharacterType character) 110 { 111 return !isHTMLSpace(character); 112 } 113 109 114 inline bool isHTMLLineBreak(UChar character) 110 115 { … … 120 125 { 121 126 return isComma(character) || isHTMLSpace(character); 122 }123 124 inline bool isNotHTMLSpace(UChar character)125 {126 return !isHTMLSpace(character);127 127 } 128 128 -
trunk/Source/WebCore/loader/ResourceCryptographicDigest.cpp
r215646 r216347 27 27 #include "ResourceCryptographicDigest.h" 28 28 29 #include "CachedResource.h"30 #include "HTMLParserIdioms.h"31 29 #include "ParsingUtilities.h" 32 #include "SharedBuffer.h"33 30 #include <pal/crypto/CryptoDigest.h> 34 31 #include <wtf/text/Base64.h> … … 59 56 60 57 template<typename CharacterType> 61 st d::optional<ResourceCryptographicDigest> parseCryptographicDigestImpl(const CharacterType*& position, const CharacterType* end)58 static std::optional<ResourceCryptographicDigest> parseCryptographicDigestImpl(const CharacterType*& position, const CharacterType* end) 62 59 { 63 60 if (position == end) … … 99 96 } 100 97 98 template<typename CharacterType> 99 static std::optional<EncodedResourceCryptographicDigest> parseEncodedCryptographicDigestImpl(const CharacterType*& position, const CharacterType* end) 100 { 101 if (position == end) 102 return std::nullopt; 103 104 EncodedResourceCryptographicDigest::Algorithm algorithm; 105 if (!parseHashAlgorithmAdvancingPosition(position, end, algorithm)) 106 return std::nullopt; 107 108 if (!skipExactly<CharacterType>(position, end, '-')) 109 return std::nullopt; 110 111 const CharacterType* beginHashValue = position; 112 skipWhile<CharacterType, isBase64OrBase64URLCharacter>(position, end); 113 skipExactly<CharacterType>(position, end, '='); 114 skipExactly<CharacterType>(position, end, '='); 115 116 if (position == beginHashValue) 117 return std::nullopt; 118 119 return EncodedResourceCryptographicDigest { algorithm, String(beginHashValue, position - beginHashValue) }; 120 } 121 122 std::optional<EncodedResourceCryptographicDigest> parseEncodedCryptographicDigest(const UChar*& begin, const UChar* end) 123 { 124 return parseEncodedCryptographicDigestImpl(begin, end); 125 } 126 127 std::optional<EncodedResourceCryptographicDigest> parseEncodedCryptographicDigest(const LChar*& begin, const LChar* end) 128 { 129 return parseEncodedCryptographicDigestImpl(begin, end); 130 } 131 132 
std::optional<ResourceCryptographicDigest> decodeEncodedResourceCryptographicDigest(const EncodedResourceCryptographicDigest& encodedDigest) 133 { 134 Vector<uint8_t> digest; 135 if (!base64Decode(encodedDigest.digest, digest, Base64ValidatePadding)) { 136 if (!base64URLDecode(encodedDigest.digest, digest)) 137 return std::nullopt; 138 } 139 140 return ResourceCryptographicDigest { encodedDigest.algorithm, WTFMove(digest) }; 141 } 142 101 143 static PAL::CryptoDigest::Algorithm toCryptoDigestAlgorithm(ResourceCryptographicDigest::Algorithm algorithm) 102 144 { -
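Review bot: In decodeEncodedResourceCryptographicDigest, the digest vector that base64Decode has already failed on is handed straight to base64URLDecode; unless both decoders are guaranteed to reset their output, please clear it before the fallback so a partial first decode cannot end up in the result. The two calls are also asymmetric: base64Decode is given Base64ValidatePadding and base64URLDecode gets no option, which deserves a comment given that parseEncodedCryptographicDigestImpl accepts up to two '=' after either alphabet. A short comment stating that a value mixing the two alphabets is expected to fail both decodes and return std::nullopt would tie this function to the rationale given in the ChangeLog.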
trunk/Source/WebCore/loader/ResourceCryptographicDigest.h
r215646 r216347 62 62 }; 63 63 64 struct EncodedResourceCryptographicDigest { 65 using Algorithm = ResourceCryptographicDigest::Algorithm; 66 67 Algorithm algorithm; 68 String digest; 69 }; 70 64 71 std::optional<ResourceCryptographicDigest> parseCryptographicDigest(const UChar*& begin, const UChar* end); 65 72 std::optional<ResourceCryptographicDigest> parseCryptographicDigest(const LChar*& begin, const LChar* end); 73 74 std::optional<EncodedResourceCryptographicDigest> parseEncodedCryptographicDigest(const UChar*& begin, const UChar* end); 75 std::optional<EncodedResourceCryptographicDigest> parseEncodedCryptographicDigest(const LChar*& begin, const LChar* end); 76 77 std::optional<ResourceCryptographicDigest> decodeEncodedResourceCryptographicDigest(const EncodedResourceCryptographicDigest&); 66 78 67 79 ResourceCryptographicDigest cryptographicDigestForBytes(ResourceCryptographicDigest::Algorithm, const char* bytes, size_t length); -
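Review bot: EncodedResourceCryptographicDigest::digest is a String holding the still-encoded text, while ResourceCryptographicDigest is built from decoded bytes (a Vector<uint8_t> in the .cpp), and the struct carries no comment saying so. Add a comment stating that the value has been matched against the grammar but not yet decoded or validated, or rename the field (encodedDigest, say) so the two cannot be confused at a use site.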
trunk/Source/WebCore/page/Settings.in
r216154 r216347 291 291 292 292 langAttributeAwareFormControlUIEnabled initial=false 293 294 subresourceIntegrityEnabled initial=true