[webkit-changes] [WebKit/WebKit] 339bce: Add support for importmap integrity

Yoav Weiss noreply at github.com
Tue May 21 18:56:36 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 339bcec0f9ff29fbd56e7209f4a01f2b12b14ac3
      https://github.com/WebKit/WebKit/commit/339bcec0f9ff29fbd56e7209f4a01f2b12b14ac3
  Author: Yoav Weiss <yoav at yoav.ws>
  Date:   2024-05-21 (Tue, 21 May 2024)

  Changed paths:
    M LayoutTests/TestExpectations
    A LayoutTests/imported/w3c/web-platform-tests/import-maps/WEB_FEATURES.yml
    M LayoutTests/imported/w3c/web-platform-tests/import-maps/data-driven/resources/test-helper.js
    A LayoutTests/imported/w3c/web-platform-tests/import-maps/dynamic-integrity-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/import-maps/dynamic-integrity.html
    A LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity-valid-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity-valid.html
    A LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity.html
    A LayoutTests/imported/w3c/web-platform-tests/import-maps/nonimport-integrity-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/import-maps/nonimport-integrity.html
    A LayoutTests/imported/w3c/web-platform-tests/import-maps/static-integrity-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/import-maps/static-integrity.html
    M LayoutTests/imported/w3c/web-platform-tests/import-maps/w3c-import.log
    M LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-resources.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-resources.https.html
    M LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/resources/fetch-request-resources-iframe.https.html
    M LayoutTests/platform/glib/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-resources.https-expected.txt
    M Source/JavaScriptCore/runtime/ImportMap.cpp
    M Source/JavaScriptCore/runtime/ImportMap.h
    M Source/WebCore/bindings/js/ScriptModuleLoader.cpp
    M Source/WebCore/dom/ScriptElement.cpp

  Log Message:
  -----------
  Add support for importmap integrity
https://bugs.webkit.org/show_bug.cgi?id=272884

Reviewed by Ryosuke Niwa.

Imported ES modules can't currently have integrity checks, which means
they can't be used in sites where integrity checks are a necessity, for
security and privacy reasons.
This implements such support, by adding an "integrity" section to import
maps.

See https://github.com/whatwg/html/pull/10269

* LayoutTests/TestExpectations: Ignored console logs to avoid flakiness
* LayoutTests/imported/w3c/web-platform-tests/import-maps/WEB_FEATURES.yml: Added.
* LayoutTests/imported/w3c/web-platform-tests/import-maps/data-driven/resources/test-helper.js:
(createTestIframe): Updated through import.
* LayoutTests/imported/w3c/web-platform-tests/import-maps/dynamic-integrity-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/import-maps/dynamic-integrity.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity-valid-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity-valid.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/import-maps/no-referencing-script-integrity.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/import-maps/nonimport-integrity-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/import-maps/nonimport-integrity.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/import-maps/static-integrity-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/import-maps/static-integrity.html: Added.
* LayoutTests/imported/w3c/web-platform-tests/import-maps/w3c-import.log: Imports.
* LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-resources.https-expected.txt: Updated.
* LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-resources.https.html: Updated to cover Request.integrity.
* LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/resources/fetch-request-resources-iframe.https.html: Updated to cover Request.integrity.
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-request-resources.https-expected.txt: Updated.
* Source/JavaScriptCore/runtime/ImportMap.cpp:
(JSC::ImportMap::resolveImportMatch): Typos and spec link.
(JSC::parseURLLikeModuleSpecifier): Typos and spec link.
(JSC::ImportMap::resolve const): Typos and spec link.
(JSC::normalizeSpecifierKey): Typos and spec link.
(JSC::sortAndNormalizeSpecifierMap): Typos and spec link.
(JSC::ImportMap::registerImportMap): Add parsing for the integrity
section.
(JSC::ImportMap::getIntegrity const): Getter for integrity based on URL.
* Source/JavaScriptCore/runtime/ImportMap.h:
* Source/WebCore/bindings/js/ScriptModuleLoader.cpp:
(WebCore::ScriptModuleLoader::importModule): Add integrity to outgoing
requests.
(WebCore::ScriptModuleLoader::notifyFinished): Enforce integrity from
the importmap on responses, even if integrity wasn't present in the
request. Needed for static imports triggered by JSCore.
* Source/WebCore/dom/ScriptElement.cpp:
(WebCore::ScriptElement::requestModuleScript): Add integrity to outgoing
requests for top-level modules, if they don't already have an integrity
attribute.

Canonical link: https://commits.webkit.org/279096@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications


More information about the webkit-changes mailing list