mirror of
https://github.com/RGBCube/serenity
synced 2025-10-26 16:22:07 +00:00
22e0603bf7
Specifically, this makes `<link>` elements with an `integrity` attribute actually work. Previously, we would load their resource, and then drop it on the floor without actually using it. The Subresource Integrity code is in `LibWeb/SRI`, since SRI is the name of the recommendation spec: https://www.w3.org/TR/SRI/ However, the Fetch spec links to the editor's draft, which varies significantly from the recommendation, and so that is what the code is based on and what the spec comments link to: https://w3c.github.io/webappsec-subresource-integrity/ Fixes #18408
25 lines
711 B
C++
25 lines
711 B
C++
/*
|
|
* Copyright (c) 2023, Sam Atkins <atkinssj@serenityos.org>
|
|
*
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
#include <AK/String.h>
|
|
|
|
namespace Web::SRI {
|
|
|
|
// https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata
|
|
struct Metadata {
|
|
String algorithm; // "alg"
|
|
String base64_value; // "val"
|
|
String options {}; // "opt"
|
|
};
|
|
|
|
ErrorOr<String> apply_algorithm_to_bytes(StringView algorithm, ByteBuffer const& bytes);
|
|
ErrorOr<Vector<Metadata>> parse_metadata(StringView metadata);
|
|
ErrorOr<Vector<Metadata>> get_strongest_metadata_from_set(Vector<Metadata> const& set);
|
|
ErrorOr<bool> do_bytes_match_metadata_list(ByteBuffer const& bytes, StringView metadata_list);
|
|
|
|
}
|