Editorial: change style of preload integrity metadata test #10924
+5
−4
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -27686,14 +27686,15 @@ document.body.appendChild(wbr);</code></pre> | |
| <span data-x="preload integrity metadata">integrity metadata</span>.</p></li> | ||
|
|
||
| <li> | ||
| <p>If all of the following are true:</p> | ||
|
|
||
| <ul> | ||
| <li><p><var>consumerIntegrityMetadata</var> is not <span data-x="list is empty">empty</span>; | ||
| and</p></li> | ||
|
|
||
| <li> | ||
| <p><var>consumerIntegrityMetadata</var> is not equal to | ||
| <var>preloadIntegrityMetadata</var></p> | ||
|
There was a problem hiding this comment. So this compares the maps? Feels a little sketchy to do that this way, but note that with this new style of parsing the XXX below is resolved as we do now ignore unknown integrity options. Not sure that is tested however and I would also be surprised if it matches implementations. cc @noamr There was a problem hiding this comment. Yeah fair, this should probably use "not deeply equal" (without linking to anything, since we haven't defined that). |
||
|
|
||
| <p class="XXX">This comparison would ignore unknown integrity options. See <a | ||
| href="https://github.com/w3c/webappsec-subresource-integrity/issues/116">issue #116.</a></p> | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably have quotes?
Though then I looked at https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata and I no longer understand how this even works. I guess SRI changed underneath us or am I missing something?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great catch. I think it's straightforward to fix, so I pushed something. I'll be sure to update the commit message when merging.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Presumably this should use "map is empty"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, an integrity metadata is now a set of maps, so it's comparing the sets.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh right, why don't they store it as algorithm -> value? Weird.