Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-10-03 10:09:20 +01:00
Code Issues Projects Releases Packages Wiki Activity

Auto merge of #14865 - mrnayak:sri-fetch, r=jdm

Browse source 
Implement Subresource Integrity

Implemented response validation part of https://w3c.github.io/webappsec-subresource-integrity/.
Implemented step eighteen of the main fetch. If a request has integrity metadata, then following steps are performed
1) Wait for response body
2) If the response does not have a termination reason and response does not match request’s integrity metadata, set response and internalResponse to a network error.

Dependency updated: html5ever-atoms from 0.1.2 to 0.1.3. This will not completely fix #14523, It will implement changes related to response validation. Request validation algorithm implementation needs CSP.

I did not update any WPT-Test. In my local system, I found some assertion issue dependent on the order of execution of test-case. It would be helpful if someone could do "try" build on these changes to get wpt results.

r? @jdm
<!-- Please describe your changes on the following line: -->

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `__` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors

<!-- Either: -->
- [X] There are tests for these changes

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/14865)
<!-- Reviewable:end -->
This commit is contained in:
bors-servo 2017-01-07 23:14:37 -08:00 committed by GitHub
commit f958dafcae
19 changed files with 439 additions and 260 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tests/wpt/include.ini
View file

@ -43,6 +43,8 @@ skip: true
skip: false
[referrer-policy]
skip: false
[subresource-integrity]
skip: false
[touch-events]
skip: false
[typedarrays]

6
tests/wpt/metadata/html/dom/interfaces.html.ini
View file

@ -9870,18 +9870,12 @@
[HTMLLinkElement interface: attribute nonce]
expected: FAIL
[HTMLLinkElement interface: attribute integrity]
expected: FAIL
[HTMLLinkElement interface: attribute referrerPolicy]
expected: FAIL
[HTMLLinkElement interface: document.createElement("link") must inherit property "nonce" with the proper type (5)]
expected: FAIL
[HTMLLinkElement interface: document.createElement("link") must inherit property "integrity" with the proper type (6)]
expected: FAIL
[HTMLLinkElement interface: document.createElement("link") must inherit property "sizes" with the proper type (9)]
expected: FAIL

96
tests/wpt/metadata/html/dom/reflection-metadata.html.ini
View file

@ -10116,102 +10116,6 @@
[link.nonce: IDL set to object "test-valueOf"]
expected: FAIL
[link.integrity: typeof IDL attribute]
expected: FAIL
[link.integrity: IDL get with DOM attribute unset]
expected: FAIL
[link.integrity: setAttribute() to ""]
expected: FAIL
[link.integrity: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
expected: FAIL
[link.integrity: setAttribute() to undefined]
expected: FAIL
[link.integrity: setAttribute() to 7]
expected: FAIL
[link.integrity: setAttribute() to 1.5]
expected: FAIL
[link.integrity: setAttribute() to true]
expected: FAIL
[link.integrity: setAttribute() to false]
expected: FAIL
[link.integrity: setAttribute() to object "[object Object\]"]
expected: FAIL
[link.integrity: setAttribute() to NaN]
expected: FAIL
[link.integrity: setAttribute() to Infinity]
expected: FAIL
[link.integrity: setAttribute() to -Infinity]
expected: FAIL
[link.integrity: setAttribute() to "\\0"]
expected: FAIL
[link.integrity: setAttribute() to null]
expected: FAIL
[link.integrity: setAttribute() to object "test-toString"]
expected: FAIL
[link.integrity: setAttribute() to object "test-valueOf"]
expected: FAIL
[link.integrity: IDL set to ""]
expected: FAIL
[link.integrity: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
expected: FAIL
[link.integrity: IDL set to undefined]
expected: FAIL
[link.integrity: IDL set to 7]
expected: FAIL
[link.integrity: IDL set to 1.5]
expected: FAIL
[link.integrity: IDL set to true]
expected: FAIL
[link.integrity: IDL set to false]
expected: FAIL
[link.integrity: IDL set to object "[object Object\]"]
expected: FAIL
[link.integrity: IDL set to NaN]
expected: FAIL
[link.integrity: IDL set to Infinity]
expected: FAIL
[link.integrity: IDL set to -Infinity]
expected: FAIL
[link.integrity: IDL set to "\\0"]
expected: FAIL
[link.integrity: IDL set to null]
expected: FAIL
[link.integrity: IDL set to object "test-toString"]
expected: FAIL
[link.integrity: IDL set to object "test-valueOf"]
expected: FAIL
[link.referrerPolicy: typeof IDL attribute]
expected: FAIL

96
tests/wpt/metadata/html/dom/reflection-misc.html.ini
View file

@ -17610,99 +17610,3 @@
[script.nonce: IDL set to object "test-valueOf"]
expected: FAIL
[script.integrity: typeof IDL attribute]
expected: FAIL
[script.integrity: IDL get with DOM attribute unset]
expected: FAIL
[script.integrity: setAttribute() to ""]
expected: FAIL
[script.integrity: setAttribute() to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
expected: FAIL
[script.integrity: setAttribute() to undefined]
expected: FAIL
[script.integrity: setAttribute() to 7]
expected: FAIL
[script.integrity: setAttribute() to 1.5]
expected: FAIL
[script.integrity: setAttribute() to true]
expected: FAIL
[script.integrity: setAttribute() to false]
expected: FAIL
[script.integrity: setAttribute() to object "[object Object\]"]
expected: FAIL
[script.integrity: setAttribute() to NaN]
expected: FAIL
[script.integrity: setAttribute() to Infinity]
expected: FAIL
[script.integrity: setAttribute() to -Infinity]
expected: FAIL
[script.integrity: setAttribute() to "\\0"]
expected: FAIL
[script.integrity: setAttribute() to null]
expected: FAIL
[script.integrity: setAttribute() to object "test-toString"]
expected: FAIL
[script.integrity: setAttribute() to object "test-valueOf"]
expected: FAIL
[script.integrity: IDL set to ""]
expected: FAIL
[script.integrity: IDL set to " \\0\\x01\\x02\\x03\\x04\\x05\\x06\\x07 \\b\\t\\n\\v\\f\\r\\x0e\\x0f \\x10\\x11\\x12\\x13\\x14\\x15\\x16\\x17 \\x18\\x19\\x1a\\x1b\\x1c\\x1d\\x1e\\x1f foo "]
expected: FAIL
[script.integrity: IDL set to undefined]
expected: FAIL
[script.integrity: IDL set to 7]
expected: FAIL
[script.integrity: IDL set to 1.5]
expected: FAIL
[script.integrity: IDL set to true]
expected: FAIL
[script.integrity: IDL set to false]
expected: FAIL
[script.integrity: IDL set to object "[object Object\]"]
expected: FAIL
[script.integrity: IDL set to NaN]
expected: FAIL
[script.integrity: IDL set to Infinity]
expected: FAIL
[script.integrity: IDL set to -Infinity]
expected: FAIL
[script.integrity: IDL set to "\\0"]
expected: FAIL
[script.integrity: IDL set to null]
expected: FAIL
[script.integrity: IDL set to object "test-toString"]
expected: FAIL
[script.integrity: IDL set to object "test-valueOf"]
expected: FAIL

36
tests/wpt/metadata/subresource-integrity/subresource-integrity.sub.html.ini Normal file
View file

@ -0,0 +1,36 @@
[subresource-integrity.sub.html]
type: testharness
expected: TIMEOUT
[Style: <crossorigin='anonymous'> with correct hash, ACAO: *]
expected: FAIL
[Style: Same-origin with correct sha256 and sha512 hash, rel='alternate stylesheet' enabled]
expected: NOTRUN
[Style: Same-origin with incorrect sha256 and sha512 hash, rel='alternate stylesheet' enabled]
expected: NOTRUN
[Style: Same-origin with incorrect hash.]
expected: FAIL
[Style: Same-origin with sha256 match, sha512 mismatch]
expected: FAIL
[Style: <crossorigin='use-credentials'> with correct hash, CORS-eligible]
expected: FAIL
[Style: <crossorigin='anonymous'> with CORS-ineligible resource]
expected: FAIL
[Style: Cross-origin, not CORS request, with correct hash]
expected: FAIL
[Style: Cross-origin, not CORS request, with hash mismatch]
expected: FAIL
[Style: <crossorigin='use-credentials'> with incorrect hash CORS-eligible]
expected: FAIL
[Style: <crossorigin='anonymous'> with incorrect hash, ACAO: *]
expected: FAIL