def render_bundle(bundle_name, extension=None, config='DEFAULT', attrs=''):
    """
    Variant of webpack_loader's render_bundle that emits ``integrity``
    attributes on the generated tags for subresource integrity (SRI).

    Each chunk returned by ``get_files`` is read from ``chunk['path']`` and
    hashed with ``sri_hash``. Chunks whose name ends in ``.js`` become
    ``<script>`` tags and those ending in ``.css`` become ``<link>`` tags.
    Any other chunk is still read and hashed, but produces no tag.

    The tags are joined with newlines and returned through ``mark_safe``.

    NOTE(review): ``attrs`` and ``chunk['url']`` are formatted into the
    markup verbatim and the result is marked safe, so nothing here is
    HTML-escaped. Both values must come from trusted sources (template
    authors, build output), never from request data.

    NOTE(review): the digest is computed from the local file on every call.
    This assumes the bytes served at ``chunk['url']`` are identical to the
    file at ``chunk['path']``. Confirm for CDN or post-processed assets, as
    a mismatch would make browsers reject the resource.
    """
    script_template = (
        '<script type="text/javascript" src="{0}" integrity="{1}" crossorigin="anonymous" '
        '{2}></script>')
    stylesheet_template = (
        '<link type="text/css" href="{0}" rel="stylesheet" integrity="{1}" '
        'crossorigin="anonymous" {2}/>')

    rendered = []
    for entry in get_files(bundle_name, extension=extension, config=config):
        # Hash the exact bytes on disk; binary mode avoids any newline or
        # encoding translation that would change the digest.
        with open(entry['path'], 'rb') as asset:
            digest = sri_hash(asset.read())

        filename = entry['name']
        if filename.endswith('.js'):
            template = script_template
        elif filename.endswith('.css'):
            template = stylesheet_template
        else:
            # Other asset types get no tag.
            continue
        rendered.append(template.format(entry['url'], digest, attrs))

    return mark_safe('\n'.join(rendered))
def compute_implementation_hash(self):
    """
    Return the ``sri_hash`` of ``self.implementation``.

    The implementation text is encoded to bytes with ``str.encode()`` and
    hashed with ``url_safe=True``. ``self.implementation`` must be a string:
    a ``None`` value raises ``AttributeError`` on ``.encode()``.
    """
    # Use Subresource Integrity because the implementation is a
    # subresource, and SRI includes the algorithm in the format,
    # so this is robust to future changes in both client and
    # server.
    implementation_bytes = self.implementation.encode()
    return sri_hash(implementation_bytes, url_safe=True)
def test_sri_hash():
    """sri_hash(b'foobar') must equal a known ``sha384-`` prefixed digest."""
    # Pre-generated base64 hash of the string "foobar". Pinning a fixed
    # vector catches accidental changes to the algorithm or the encoding.
    known_digest = 'sha384-PJww2fZl501RXIQpYNSkUcg6ASX9Pec5LXs3IxrxDHLqWK7fzfiaV2W/kCr5Ps8G'
    computed = sri_hash(b'foobar')
    assert computed == known_digest
def implementation_hash(action):
    """
    Return the URL-safe ``sri_hash`` of ``action.implementation``.

    There is no guard for a missing implementation: if
    ``action.implementation`` is ``None``, ``.encode()`` raises
    ``AttributeError``.
    """
    implementation_bytes = action.implementation.encode()
    return sri_hash(implementation_bytes, url_safe=True)
def implementation_hash(action):
    """
    Return the URL-safe ``sri_hash`` of ``action.implementation``.

    Returns ``None`` when the action has no implementation, so callers must
    treat ``None`` as "no hash available" rather than as a digest to compare.
    """
    source = action.implementation
    if source is None:
        # Nothing to hash.
        return None
    return sri_hash(source.encode(), url_safe=True)
def test_url_safe_works(self):
    """sri_hash with ``url_safe=True`` must match a known URL-safe digest."""
    # Pre-generated base64 hash of the string "normandy", urlsafe-ed.
    # The expected value contains "-" and "_", the URL-safe base64
    # characters, so it exercises the url_safe branch.
    known_digest = "sha384-6FydcL0iVnTqXT3rBg6YTrlz0K-mw57n9zxTEmxYG6FIO_vZTMlTWsbkxHchsO65"
    computed = sri_hash(b"normandy", url_safe=True)
    assert computed == known_digest
def test_it_works(self):
    """sri_hash with default arguments must match a known sha384 digest."""
    # Pre-generated base64 hash of the string "foobar". The value contains
    # "/", so it is the standard (not URL-safe) base64 encoding.
    known_digest = "sha384-PJww2fZl501RXIQpYNSkUcg6ASX9Pec5LXs3IxrxDHLqWK7fzfiaV2W/kCr5Ps8G"
    computed = sri_hash(b"foobar")
    assert computed == known_digest