From 3d7090c08c333fcfb10ad9e2d6cf72e2acb7d87f Mon Sep 17 00:00:00 2001 From: Julian Scheid Date: Sun, 18 Oct 2020 17:46:46 +1300 Subject: [PATCH] Fix hash lookup for dynamic chunks Closes #131 --- examples/dynamic-modified/README.md | 3 +++ examples/dynamic-modified/corrupt.js | 1 + examples/dynamic-modified/index.js | 5 +++++ examples/dynamic-modified/test.js | 18 ++++++++++++++++++ examples/dynamic-modified/webpack.config.js | 18 ++++++++++++++++++ jmtp.js | 11 +++++++++-- package.json | 2 +- 7 files changed, 55 insertions(+), 3 deletions(-) create mode 100644 examples/dynamic-modified/README.md create mode 100644 examples/dynamic-modified/corrupt.js create mode 100644 examples/dynamic-modified/index.js create mode 100644 examples/dynamic-modified/test.js create mode 100644 examples/dynamic-modified/webpack.config.js diff --git a/examples/dynamic-modified/README.md b/examples/dynamic-modified/README.md new file mode 100644 index 0000000..d0480bf --- /dev/null +++ b/examples/dynamic-modified/README.md @@ -0,0 +1,3 @@ +# With a modified dynamically loaded chunk #hwp + +Ensure that when a chunk is modified, it fails to load. diff --git a/examples/dynamic-modified/corrupt.js b/examples/dynamic-modified/corrupt.js new file mode 100644 index 0000000..1b072a3 --- /dev/null +++ b/examples/dynamic-modified/corrupt.js @@ -0,0 +1 @@ +console.log('this should never load'); diff --git a/examples/dynamic-modified/index.js b/examples/dynamic-modified/index.js new file mode 100644 index 0000000..3ac0327 --- /dev/null +++ b/examples/dynamic-modified/index.js @@ -0,0 +1,5 @@ +import("./corrupt").then(function error() { + console.log('error'); +}).catch(function ok() { + console.log('ok'); +}); diff --git a/examples/dynamic-modified/test.js b/examples/dynamic-modified/test.js new file mode 100644 index 0000000..70b5fe7 --- /dev/null +++ b/examples/dynamic-modified/test.js @@ -0,0 +1,18 @@ +var webpackVersionComponents = require('webpack/package.json').version.split( + '.' +); +var webpackVersionMajor = Number(webpackVersionComponents[0]); + +var defaultCheck = require("../../test/defaultCheck"); +var fs = require('fs'); + +module.exports.skip = function skip() { + return webpackVersionMajor < 2; +}; + +module.exports.check = function check(stats, url, browser) { + const otherAsset = Object.keys(stats.compilation.assets).find(key => key !== 'index.js' && key.endsWith(".js")); + fs.writeFileSync('dist/' + otherAsset, 'xxx'); + + return defaultCheck(stats, url, browser); +}; diff --git a/examples/dynamic-modified/webpack.config.js b/examples/dynamic-modified/webpack.config.js new file mode 100644 index 0000000..51b9b7a --- /dev/null +++ b/examples/dynamic-modified/webpack.config.js @@ -0,0 +1,18 @@ +var SriPlugin = require('webpack-subresource-integrity'); +var HtmlWebpackPlugin = require('html-webpack-plugin'); + +module.exports = { + entry: { + index: './index.js' + }, + output: { + crossOriginLoading: 'anonymous' + }, + plugins: [ + new SriPlugin({ + hashFuncNames: ['sha256', 'sha384'], + enabled: true + }), + new HtmlWebpackPlugin() + ] +}; diff --git a/jmtp.js b/jmtp.js index 79c99c8..bb51071 100644 --- a/jmtp.js +++ b/jmtp.js @@ -7,6 +7,10 @@ var Template = require('webpack/lib/Template'); var util = require('./util'); +var webpackVersionComponents = require('webpack/package.json').version.split( + '.' +); +var webpackVersionMajor = Number(webpackVersionComponents[0]); function WebIntegrityJsonpMainTemplatePlugin(sriPlugin, compilation) { this.sriPlugin = sriPlugin; @@ -47,7 +51,7 @@ WebIntegrityJsonpMainTemplatePlugin.prototype.addSriHashes = * Patch jsonp-script code to add the integrity attribute. */ WebIntegrityJsonpMainTemplatePlugin.prototype.addAttribute = - function addAttribute(mainTemplate, elName, source, chunk) { + function addAttribute(mainTemplate, elName, source) { const outputOptions = this.compilation.outputOptions || mainTemplate.outputOptions; if (!outputOptions.crossOriginLoading) { this.sriPlugin.errorOnce( @@ -55,9 +59,12 @@ WebIntegrityJsonpMainTemplatePlugin.prototype.addAttribute = 'webpack option output.crossOriginLoading not set, code splitting will not work!' ); } + return (Template.asString || mainTemplate.asString)([ source, - elName + '.integrity = __webpack_require__.sriHashes[' + (chunk ? `'${chunk.id}'` : 'chunkId') + '];', + elName + '.integrity = __webpack_require__.sriHashes[' + + ((webpackVersionMajor >= 5 && elName === 'script') ? 'key.match(/^chunk-([0-9]+)$/)[1]' : 'chunkId') + + '];', elName + '.crossOrigin = ' + JSON.stringify(outputOptions.crossOriginLoading) + ';', ]); }; diff --git a/package.json b/package.json index 0ba6065..37dd2a0 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "webpack-subresource-integrity", - "version": "1.5.0", + "version": "1.5.1", "description": "Webpack plugin for enabling Subresource Integrity", "engines": { "node": ">=4"