mirror of
https://github.com/rkd77/elinks.git
synced 2025-01-03 14:57:44 -05:00
[integrity] store integrity value in url . Refs #284
For ecmascript it is '^integrity\0url'. Weak points: Bad script is not executed, but is stored in cache, so next requests will take it from cache, not from network. Checksum is calculated everytime script is loaded (it can be many times per second). Scripting pre_format_hook can modify the body of script and cause a wrong checksum. Error message is written to stderr.
This commit is contained in:
parent
403bc5c6ce
commit
da93f8f374
@ -322,6 +322,7 @@ not_processed:
|
|||||||
|
|
||||||
char *import_url;
|
char *import_url;
|
||||||
struct uri *uri;
|
struct uri *uri;
|
||||||
|
struct string tmp;
|
||||||
|
|
||||||
if (!get_opt_bool("ecmascript.enable", NULL)) {
|
if (!get_opt_bool("ecmascript.enable", NULL)) {
|
||||||
mem_free(src);
|
mem_free(src);
|
||||||
@ -336,16 +337,26 @@ not_processed:
|
|||||||
uri = get_uri(import_url, URI_BASE);
|
uri = get_uri(import_url, URI_BASE);
|
||||||
if (!uri) goto imported;
|
if (!uri) goto imported;
|
||||||
|
|
||||||
char *integrity = get_attr_val(a, "integrity", html_context->doc_cp);
|
|
||||||
/* Request the imported script as part of the document ... */
|
/* Request the imported script as part of the document ... */
|
||||||
html_context->special_f(html_context, SP_SCRIPT, uri, integrity);
|
html_context->special_f(html_context, SP_SCRIPT, uri);
|
||||||
mem_free_if(integrity);
|
|
||||||
done_uri(uri);
|
done_uri(uri);
|
||||||
|
|
||||||
|
if (init_string(&tmp)) {
|
||||||
|
char *integrity = get_attr_val(a, "integrity", html_context->doc_cp);
|
||||||
|
|
||||||
|
add_char_to_string(&tmp, '^');
|
||||||
|
|
||||||
|
if (integrity) {
|
||||||
|
add_to_string(&tmp, integrity);
|
||||||
|
mem_free(integrity);
|
||||||
|
}
|
||||||
|
add_char_to_string(&tmp, '\0');
|
||||||
|
add_to_string(&tmp, import_url);
|
||||||
/* Create URL reference onload snippet. */
|
/* Create URL reference onload snippet. */
|
||||||
insert_in_string(&import_url, 0, "^", 1);
|
|
||||||
add_to_ecmascript_string_list(&html_context->part->document->onload_snippets,
|
add_to_ecmascript_string_list(&html_context->part->document->onload_snippets,
|
||||||
import_url, -1, html_top->name - html_context->part->document->text.source);
|
tmp.source, tmp.length, html_top->name - html_context->part->document->text.source);
|
||||||
|
done_string(&tmp);
|
||||||
|
}
|
||||||
|
|
||||||
imported:
|
imported:
|
||||||
/* Retreat. Do not permit nested scripts, tho'. */
|
/* Retreat. Do not permit nested scripts, tho'. */
|
||||||
|
@ -40,11 +40,6 @@
|
|||||||
#include "document/options.h"
|
#include "document/options.h"
|
||||||
#include "document/refresh.h"
|
#include "document/refresh.h"
|
||||||
#include "document/renderer.h"
|
#include "document/renderer.h"
|
||||||
|
|
||||||
#ifdef CONFIG_ECMASCRIPT_SMJS
|
|
||||||
#include "ecmascript/ecmascript-c.h"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include "intl/charsets.h"
|
#include "intl/charsets.h"
|
||||||
#include "osdep/types.h"
|
#include "osdep/types.h"
|
||||||
#include "protocol/uri.h"
|
#include "protocol/uri.h"
|
||||||
@ -2397,13 +2392,8 @@ html_special(struct html_context *html_context, html_special_type_T c, ...)
|
|||||||
#ifdef CONFIG_ECMASCRIPT
|
#ifdef CONFIG_ECMASCRIPT
|
||||||
if (document) {
|
if (document) {
|
||||||
struct uri *uri = va_arg(l, struct uri *);
|
struct uri *uri = va_arg(l, struct uri *);
|
||||||
char *integrity = va_arg(l, char *);
|
|
||||||
|
|
||||||
add_to_uri_list(&document->ecmascript_imports, uri);
|
add_to_uri_list(&document->ecmascript_imports, uri);
|
||||||
|
|
||||||
if (uri && integrity) {
|
|
||||||
save_integrity_in_map(uri, integrity);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
|
@ -39,35 +39,9 @@
|
|||||||
#include "viewer/text/form.h"
|
#include "viewer/text/form.h"
|
||||||
#include "viewer/text/view.h"
|
#include "viewer/text/view.h"
|
||||||
|
|
||||||
#ifdef CONFIG_ECMASCRIPT_SMJS
|
|
||||||
#include <map>
|
|
||||||
std::map<struct uri *, char *> map_integrity;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
extern int interpreter_count;
|
extern int interpreter_count;
|
||||||
extern int ecmascript_enabled;
|
extern int ecmascript_enabled;
|
||||||
|
|
||||||
void
|
|
||||||
save_integrity_in_map(struct uri *uri, char *integrity)
|
|
||||||
{
|
|
||||||
#ifdef CONFIG_ECMASCRIPT_SMJS
|
|
||||||
map_integrity[uri] = null_or_stracpy(integrity);
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
char *
|
|
||||||
get_integrity_from_map(struct uri *uri)
|
|
||||||
{
|
|
||||||
#ifdef CONFIG_ECMASCRIPT_SMJS
|
|
||||||
auto e = map_integrity.find(uri);
|
|
||||||
|
|
||||||
if (e != map_integrity.end()) {
|
|
||||||
return e->second;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
int
|
int
|
||||||
ecmascript_get_interpreter_count(void)
|
ecmascript_get_interpreter_count(void)
|
||||||
{
|
{
|
||||||
@ -203,9 +177,11 @@ process_snippets(struct ecmascript_interpreter *interpreter,
|
|||||||
(*current) = (*current)->next) {
|
(*current) = (*current)->next) {
|
||||||
struct string *string = &(*current)->string;
|
struct string *string = &(*current)->string;
|
||||||
char *uristring;
|
char *uristring;
|
||||||
|
char *null_char;
|
||||||
struct uri *uri;
|
struct uri *uri;
|
||||||
struct cache_entry *cached;
|
struct cache_entry *cached;
|
||||||
struct fragment *fragment;
|
struct fragment *fragment;
|
||||||
|
size_t len;
|
||||||
|
|
||||||
if (string->length == 0)
|
if (string->length == 0)
|
||||||
continue;
|
continue;
|
||||||
@ -217,7 +193,14 @@ process_snippets(struct ecmascript_interpreter *interpreter,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Eval external <script src="reference"></script> snippet */
|
/* Eval external <script src="reference"></script> snippet */
|
||||||
uristring = string->source + 1;
|
null_char = strchr(string->source + 1, '\0');
|
||||||
|
|
||||||
|
if (!null_char) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
len = null_char - string->source - 1;
|
||||||
|
|
||||||
|
uristring = null_char + 1;
|
||||||
if (!*uristring) continue;
|
if (!*uristring) continue;
|
||||||
|
|
||||||
uri = get_uri(uristring, URI_BASE);
|
uri = get_uri(uristring, URI_BASE);
|
||||||
@ -225,18 +208,17 @@ process_snippets(struct ecmascript_interpreter *interpreter,
|
|||||||
|
|
||||||
cached = get_redirected_cache_entry(uri);
|
cached = get_redirected_cache_entry(uri);
|
||||||
|
|
||||||
#ifdef CONFIG_ECMASCRIPT_SMJS
|
|
||||||
if (cached) {
|
if (cached) {
|
||||||
char *integrity = get_integrity_from_map(uri);
|
char *integrity = len > 0 ? memacpy(string->source + 1, len) : NULL;
|
||||||
|
|
||||||
if (integrity) {
|
if (integrity) {
|
||||||
if (!validate_cache_integrity(cached, integrity)) {
|
if (!validate_cache_integrity(cached, integrity)) {
|
||||||
cached = NULL;
|
cached = NULL;
|
||||||
fprintf(stderr, "Integrity failed for %s\n", struri(uri));
|
fprintf(stderr, "Integrity failed for %s\n", struri(uri));
|
||||||
}
|
}
|
||||||
|
mem_free(integrity);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
done_uri(uri);
|
done_uri(uri);
|
||||||
|
|
||||||
if (!cached) {
|
if (!cached) {
|
||||||
|
Loading…
Reference in New Issue
Block a user