SubresourceIntegrity::IntegrityParseResult SubresourceIntegrity::parseIntegrityAttribute(const WTF::String& attribute, IntegrityMetadataSet& metadataSet, Document* document) { Vector<UChar> characters; attribute.stripWhiteSpace().appendTo(characters); const UChar* position = characters.data(); const UChar* end = characters.end(); const UChar* currentIntegrityEnd; metadataSet.clear(); bool error = false; // The integrity attribute takes the form: // *WSP hash-with-options *( 1*WSP hash-with-options ) *WSP / *WSP // To parse this, break on whitespace, parsing each algorithm/digest/option // in order. while (position < end) { WTF::String digest; HashAlgorithm algorithm; skipWhile<UChar, isASCIISpace>(position, end); currentIntegrityEnd = position; skipUntil<UChar, isASCIISpace>(currentIntegrityEnd, end); // Algorithm parsing errors are non-fatal (the subresource should // still be loaded) because strong hash algorithms should be used // without fear of breaking older user agents that don't support // them. AlgorithmParseResult parseResult = parseAlgorithm(position, currentIntegrityEnd, algorithm); if (parseResult == AlgorithmUnknown) { // Unknown hash algorithms are treated as if they're not present, // and thus are not marked as an error, they're just skipped. skipUntil<UChar, isASCIISpace>(position, end); if (document) { logErrorToConsole("Error parsing 'integrity' attribute ('" + attribute + "'). The specified hash algorithm must be one of 'sha256', 'sha384', or 'sha512'.", *document); UseCounter::count(*document, UseCounter::SRIElementWithUnparsableIntegrityAttribute); } continue; } if (parseResult == AlgorithmUnparsable) { error = true; skipUntil<UChar, isASCIISpace>(position, end); if (document) { logErrorToConsole("Error parsing 'integrity' attribute ('" + attribute + "'). The hash algorithm must be one of 'sha256', 'sha384', or 'sha512', followed by a '-' character.", *document); UseCounter::count(*document, UseCounter::SRIElementWithUnparsableIntegrityAttribute); } continue; } ASSERT(parseResult == AlgorithmValid); if (!parseDigest(position, currentIntegrityEnd, digest)) { error = true; skipUntil<UChar, isASCIISpace>(position, end); if (document) { logErrorToConsole("Error parsing 'integrity' attribute ('" + attribute + "'). The digest must be a valid, base64-encoded value.", *document); UseCounter::count(*document, UseCounter::SRIElementWithUnparsableIntegrityAttribute); } continue; } // The spec defines a space in the syntax for options, separated by a // '?' character followed by unbounded VCHARs, but no actual options // have been defined yet. Thus, for forward compatibility, ignore any // options specified. if (skipExactly<UChar>(position, end, '?')) { const UChar* begin = position; skipWhile<UChar, isValueCharacter>(position, end); if (begin != position && document) logErrorToConsole("Ignoring unrecogized 'integrity' attribute option '" + String(begin, position - begin) + "'.", *document); } IntegrityMetadata integrityMetadata(digest, algorithm); metadataSet.add(integrityMetadata.toPair()); } if (metadataSet.size() == 0 && error) return IntegrityParseNoValidResult; return IntegrityParseValidResult; }