W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2017

Re: if the spec require FetchEvent return the integrity value

From: Frederik Braun <fbraun@mozilla.com>
Date: Wed, 21 Jun 2017 09:11:11 +0200
To: public-webappsec@w3.org
Message-ID: <03756ed4-5e31-ebd4-e9fe-b344f840e434@mozilla.com>
Yes.
This is in the fetch spec at
<https://fetch.spec.whatwg.org/#concept-request-integrity-metadata> (and
look for other occurences of 'integrity metadata').



On 20.06.2017 08:22, Zhang, Xiaofeng wrote:
> Hello,
> 
>  
> 
> I am not sure this is a proper place to ask the question, but no reply
> in github: https://github.com/w3c/webappsec-subresource-integrity/issues/71
> 
>  
> 
> I am working a chromium fetch test issue, the test is to set a
> script.integrity, and then determine whether this integrity value and
> FetchEvent returned integrity value are equal.
> 
> My question is that if the spec require FetchEvent return this value? I
> didn't find that here https://www.w3.org/TR/SRI/.
> 
> Thanks a lot for your kindly answer!
> 
>  
> 
> Some test code:
> 
>  
> 
> function script_integrity_test(frame, url, integrity,
> expected_integrity)
> {                                                                                          
>               
> 
>    var actual_url = url +
> (++url_count);                                                                                                                                          
> 
> 
>    expected_results[actual_url] = {                         
>                                                                                                                       
> 
>        url:
> actual_url,                                                                                                                 
>                                           
> 
>        mode:
> 'no-cors',                                                                                                                                                           
> 
> 
>        credentials: 'include',  
>                                                                                                                                                   
> 
>        redirect:
> 'follow',                                                                                  
>                                                                       
> 
>        integrity:
> expected_integrity,                                                                                                                                             
> 
> 
>        message: 'Script load (url:' + actual_url +
> ')'                                                                                                                            
> 
> 
>      };                                                                         
>                                                                                                   
> 
>    return frame.contentWindow.load_script_with_integrity(actual_url,
> integrity);                                                                            
>                         
> 
> }
> 
> ---------------------------
> 
> function load_script_with_integrity(url, integrity) {
> 
> var script = document.createElement('script');
> 
> script.src = url;
> 
> script.integrity = integrity;
> 
> document.body.appendChild(script);
> 
> }
> 
> ----------------------------
> 
> assert_equals(result.integrity, expected.integrity)
> 
>  
> 
>  
> 
> Best Regards
> 
> Xiaofeng Zhang
> 
>  
> 
Received on Wednesday, 21 June 2017 07:11:46 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:23 UTC