1
0
mirror of https://github.com/rkd77/elinks.git synced 2025-01-03 14:57:44 -05:00

[integrity] store integrity value in url . Refs #284

For ecmascript it is '^integrity\0url'.
Weak points:
Bad script is not executed, but is stored in cache, so next requests will take it from cache, not from network.
Checksum is calculated everytime script is loaded (it can be many times per second).
Scripting pre_format_hook can modify the body of script and cause a wrong checksum.
Error message is written to stderr.
This commit is contained in:
Witold Filipczyk 2024-09-24 15:44:22 +02:00
parent 403bc5c6ce
commit da93f8f374
3 changed files with 30 additions and 47 deletions

View File

@ -322,6 +322,7 @@ not_processed:
char *import_url;
struct uri *uri;
struct string tmp;
if (!get_opt_bool("ecmascript.enable", NULL)) {
mem_free(src);
@ -336,16 +337,26 @@ not_processed:
uri = get_uri(import_url, URI_BASE);
if (!uri) goto imported;
char *integrity = get_attr_val(a, "integrity", html_context->doc_cp);
/* Request the imported script as part of the document ... */
html_context->special_f(html_context, SP_SCRIPT, uri, integrity);
mem_free_if(integrity);
html_context->special_f(html_context, SP_SCRIPT, uri);
done_uri(uri);
if (init_string(&tmp)) {
char *integrity = get_attr_val(a, "integrity", html_context->doc_cp);
add_char_to_string(&tmp, '^');
if (integrity) {
add_to_string(&tmp, integrity);
mem_free(integrity);
}
add_char_to_string(&tmp, '\0');
add_to_string(&tmp, import_url);
/* Create URL reference onload snippet. */
insert_in_string(&import_url, 0, "^", 1);
add_to_ecmascript_string_list(&html_context->part->document->onload_snippets,
import_url, -1, html_top->name - html_context->part->document->text.source);
tmp.source, tmp.length, html_top->name - html_context->part->document->text.source);
done_string(&tmp);
}
imported:
/* Retreat. Do not permit nested scripts, tho'. */

View File

@ -40,11 +40,6 @@
#include "document/options.h"
#include "document/refresh.h"
#include "document/renderer.h"
#ifdef CONFIG_ECMASCRIPT_SMJS
#include "ecmascript/ecmascript-c.h"
#endif
#include "intl/charsets.h"
#include "osdep/types.h"
#include "protocol/uri.h"
@ -2397,13 +2392,8 @@ html_special(struct html_context *html_context, html_special_type_T c, ...)
#ifdef CONFIG_ECMASCRIPT
if (document) {
struct uri *uri = va_arg(l, struct uri *);
char *integrity = va_arg(l, char *);
add_to_uri_list(&document->ecmascript_imports, uri);
if (uri && integrity) {
save_integrity_in_map(uri, integrity);
}
}
#endif
break;

View File

@ -39,35 +39,9 @@
#include "viewer/text/form.h"
#include "viewer/text/view.h"
#ifdef CONFIG_ECMASCRIPT_SMJS
#include <map>
std::map<struct uri *, char *> map_integrity;
#endif
extern int interpreter_count;
extern int ecmascript_enabled;
void
save_integrity_in_map(struct uri *uri, char *integrity)
{
#ifdef CONFIG_ECMASCRIPT_SMJS
map_integrity[uri] = null_or_stracpy(integrity);
#endif
}
char *
get_integrity_from_map(struct uri *uri)
{
#ifdef CONFIG_ECMASCRIPT_SMJS
auto e = map_integrity.find(uri);
if (e != map_integrity.end()) {
return e->second;
}
#endif
return NULL;
}
int
ecmascript_get_interpreter_count(void)
{
@ -203,9 +177,11 @@ process_snippets(struct ecmascript_interpreter *interpreter,
(*current) = (*current)->next) {
struct string *string = &(*current)->string;
char *uristring;
char *null_char;
struct uri *uri;
struct cache_entry *cached;
struct fragment *fragment;
size_t len;
if (string->length == 0)
continue;
@ -217,7 +193,14 @@ process_snippets(struct ecmascript_interpreter *interpreter,
}
/* Eval external <script src="reference"></script> snippet */
uristring = string->source + 1;
null_char = strchr(string->source + 1, '\0');
if (!null_char) {
continue;
}
len = null_char - string->source - 1;
uristring = null_char + 1;
if (!*uristring) continue;
uri = get_uri(uristring, URI_BASE);
@ -225,18 +208,17 @@ process_snippets(struct ecmascript_interpreter *interpreter,
cached = get_redirected_cache_entry(uri);
#ifdef CONFIG_ECMASCRIPT_SMJS
if (cached) {
char *integrity = get_integrity_from_map(uri);
char *integrity = len > 0 ? memacpy(string->source + 1, len) : NULL;
if (integrity) {
if (!validate_cache_integrity(cached, integrity)) {
cached = NULL;
fprintf(stderr, "Integrity failed for %s\n", struri(uri));
}
mem_free(integrity);
}
}
#endif
done_uri(uri);
if (!cached) {