def render_bundle(bundle_name, extension=None, config='DEFAULT', attrs=''):
"""
Modified version of webpack_loader's render_bundle that adds hashes
to tags for subresource integrity.
"""
tags = []
chunks = get_files(bundle_name, extension=extension, config=config)
for chunk in chunks:
with open(chunk['path'], 'rb') as f:
chunk_hash = sri_hash(f.read())
if chunk['name'].endswith('.js'):
tags.append((
'<script type="text/javascript" src="{0}" integrity="{1}" crossorigin="anonymous" '
'{2}></script>').format(chunk['url'], chunk_hash, attrs))
elif chunk['name'].endswith('.css'):
tags.append((
'<link type="text/css" href="{0}" rel="stylesheet" integrity="{1}" '
'crossorigin="anonymous" {2}/>').format(
chunk['url'], chunk_hash, attrs))
return mark_safe('\n'.join(tags))
def compute_implementation_hash(self):
# User Sub Resource Integrity because the implementation is a
# subresource, and SRI includes the algorithm in the format,
# so this is robust to future changes in both client and
# server.
return sri_hash(self.implementation.encode(), url_safe=True)
def test_sri_hash():
# Pre-generated base64 hash of the string "foobar"
expected = 'sha384-PJww2fZl501RXIQpYNSkUcg6ASX9Pec5LXs3IxrxDHLqWK7fzfiaV2W/kCr5Ps8G'
assert sri_hash(b'foobar') == expected
def implementation_hash(action):
return sri_hash(action.implementation.encode(), url_safe=True)
def implementation_hash(action):
if action.implementation is not None:
return sri_hash(action.implementation.encode(), url_safe=True)
def test_url_safe_works(self):
# Pre-generated base64 hash of the string "normandy", urlsafe-ed
expected = "sha384-6FydcL0iVnTqXT3rBg6YTrlz0K-mw57n9zxTEmxYG6FIO_vZTMlTWsbkxHchsO65"
assert sri_hash(b"normandy", url_safe=True) == expected
def test_it_works(self):
# Pre-generated base64 hash of the string "foobar"
expected = "sha384-PJww2fZl501RXIQpYNSkUcg6ASX9Pec5LXs3IxrxDHLqWK7fzfiaV2W/kCr5Ps8G"
assert sri_hash(b"foobar") == expected
def test_url_safe_works(self):
# Pre-generated base64 hash of the string "normandy", urlsafe-ed
expected = "sha384-6FydcL0iVnTqXT3rBg6YTrlz0K-mw57n9zxTEmxYG6FIO_vZTMlTWsbkxHchsO65"
assert sri_hash(b"normandy", url_safe=True) == expected
def test_it_works(self):
# Pre-generated base64 hash of the string "foobar"
expected = "sha384-PJww2fZl501RXIQpYNSkUcg6ASX9Pec5LXs3IxrxDHLqWK7fzfiaV2W/kCr5Ps8G"
assert sri_hash(b"foobar") == expected
def implementation_hash(action):
if action.implementation is not None:
return sri_hash(action.implementation.encode(), url_safe=True)
def compute_implementation_hash(self):
# User Sub Resource Integrity because the implementation is a
# subresource, and SRI includes the algorithm in the format,
# so this is robust to future changes in both client and
# server.
return sri_hash(self.implementation.encode(), url_safe=True)