sri-toolbox
Advanced tools
Comparing version 0.1.3 to 0.2.0
@@ -15,3 +15,2 @@ /* | ||
delimiter: options.delimiter || " ", | ||
type: options.type, | ||
full: options.full || false | ||
@@ -30,16 +29,6 @@ }; | ||
.createHash(algorithm) | ||
.update(data) | ||
.update(data, 'utf8') | ||
.digest("base64"); | ||
}, | ||
// Format content-type | ||
type = function (options) { | ||
if (!options.type) { | ||
return undefined; | ||
} | ||
// Cut string at whitespace, then remove any non-whitelisted chars. | ||
return options.type.replace(/(\s.*)|[^\w\/\!\#\$\&\-\^\+\.]/g, ""); | ||
}, | ||
// Generate list of hashes | ||
@@ -58,5 +47,2 @@ hashes = function (options, data) { | ||
// Content-type | ||
output += (sri.type) ? "type:" + sri.type + options.delimiter : ""; | ||
// Hash list | ||
@@ -76,3 +62,2 @@ output += Object.keys(sri.hashes).map(function (algorithm) { | ||
hashes: hashes(options, data), | ||
type: type(options), | ||
integrity: undefined | ||
@@ -79,0 +64,0 @@ }; |
{ | ||
"name": "sri-toolbox", | ||
"version": "0.1.3", | ||
"version": "0.2.0", | ||
"description": "Subresource Integrity tools", | ||
@@ -5,0 +5,0 @@ "author": { |
@@ -21,6 +21,5 @@ # sri-toolbox [![Build Status](https://travis-ci.org/neftaly/npm-sri-toolbox.svg?branch=master)](https://travis-ci.org/neftaly/npm-sri-toolbox) [![Coverage Status](https://coveralls.io/repos/neftaly/npm-sri-toolbox/badge.svg?branch=master)](https://coveralls.io/r/neftaly/npm-sri-toolbox?branch=master) | ||
var integrity = sriToolbox.generate({ | ||
type: "application/javascript", | ||
algorithms: ["sha256"], | ||
algorithms: ["sha256"] | ||
}, jquerySourceCode); | ||
//=> "type:application/javascript sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg=" | ||
//=> "sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg=" | ||
``` | ||
@@ -31,4 +30,3 @@ | ||
var integrityObject = sriToolbox.generate({ | ||
full: true, | ||
type: "application/javascript; charset: utf8" | ||
full: true | ||
}, jquerySourceCode); | ||
@@ -42,4 +40,3 @@ //=> object | ||
}, | ||
"type": "application/javascript", | ||
"integrity": "type:application/javascript sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg=" | ||
"integrity": "sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg=" | ||
} | ||
@@ -65,6 +62,3 @@ ``` | ||
* string **type** *= ""* | ||
Content-type of file | ||
* boolean **full** *= false* | ||
Return a string if false, object if true. See example. |
@@ -20,9 +20,16 @@ "use strict"; | ||
it("Unicode chars", function () { | ||
var options = {}; | ||
var unicodeSourceCode = "console.log('I ♡ WebAppSec!');\n"; | ||
var expect = "sha256-TH5eRuwfOSKZE0EKVF4WZ6gVQ/zUch4CZE2knqpS4MU="; | ||
var result = sriToolbox.generate(options, unicodeSourceCode); | ||
assert.equal(expect, result); | ||
}); | ||
it("Custom", function () { | ||
var options = { | ||
type: "application/javascript", | ||
algorithms: ["sha512"], | ||
delimiter: " " | ||
}; | ||
var expect = "type:application/javascript sha512-OqaFaP8lkurUEqDH9cOavDesVi8At8Fq8HzV7/iBqtznfscQQLNsCtnC0qpO3XdE+nKw9Ey4tIXU8oOxtJwhQQ=="; | ||
var expect = "sha512-OqaFaP8lkurUEqDH9cOavDesVi8At8Fq8HzV7/iBqtznfscQQLNsCtnC0qpO3XdE+nKw9Ey4tIXU8oOxtJwhQQ=="; | ||
var result = sriToolbox.generate(options, sourceCode); | ||
@@ -34,4 +41,3 @@ assert.equal(expect, result); | ||
var options = { | ||
full: true, | ||
type: "application/javascript; charset: utf8" | ||
full: true | ||
}; | ||
@@ -42,4 +48,3 @@ var expect = { | ||
}, | ||
type: "application/javascript", | ||
integrity: "type:application/javascript sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg=" | ||
integrity: "sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg=" | ||
}; | ||
@@ -50,20 +55,2 @@ var result = sriToolbox.generate(options, sourceCode); | ||
it("Malformed type", function () { | ||
var options = { | ||
type: "application/javascr\"ipt; IGNORE THIS ", | ||
}; | ||
var expect = "type:application/javascript sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg="; | ||
var result = sriToolbox.generate(options, sourceCode); | ||
assert.equal(expect, result); | ||
}); | ||
it("RFC-6838 chars", function () { | ||
var options = { | ||
type: "text/aA!#$&-^_+.", | ||
}; | ||
var expect = "type:text/aA!#$&-^_+. sha256-C6CB9UYIS9UJeqinPHWTHVqh/E1uhG5Twh+Y5qFQmYg="; | ||
var result = sriToolbox.generate(options, sourceCode); | ||
assert.equal(expect, result); | ||
}); | ||
}); |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
99901
104
61