diff --git a/CHANGELOG.md b/CHANGELOG.md index cb8d3c859..ce575fdc6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,11 @@ +# [6.4.0](https://github.com/karma-runner/karma/compare/v6.3.20...v6.4.0) (2022-06-14) + + +### Features + +* support SRI verification of link tags ([dc51a2e](https://github.com/karma-runner/karma/commit/dc51a2e0e9b9805f7740f52fde01bcd20adc2dfc)) +* support SRI verification of script tags ([6a54b1c](https://github.com/karma-runner/karma/commit/6a54b1c2a1df8214c470b8a5cc8036912874637e)) + ## [6.3.20](https://github.com/karma-runner/karma/compare/v6.3.19...v6.3.20) (2022-05-13) diff --git a/docs/config/02-files.md b/docs/config/02-files.md index aac9304e0..0bab8256c 100644 --- a/docs/config/02-files.md +++ b/docs/config/02-files.md @@ -54,6 +54,11 @@ The `files` array determines which files are included in the browser, watched, a * **Default.** `false` * **Description.** Should the files be served from disk on each request by Karma's webserver? +### `integrity` +* **Type.** String +* **Default.** `undefined` +* **Description.** Set the `integrity` HTML attribute value to the ``) + scriptTags.push(``) } else { - scriptTags.push(``) + scriptTags.push(``) } } } diff --git a/lib/url.js b/lib/url.js index ebe078619..fce5bd1d3 100644 --- a/lib/url.js +++ b/lib/url.js @@ -7,10 +7,11 @@ const { URL } = require('url') * Url object used for tracking files in `file-list.js`. */ class Url { - constructor (path, type) { + constructor (path, type, integrity) { this.path = path this.originalPath = path this.type = type + this.integrity = integrity this.isUrl = true } diff --git a/package-lock.json b/package-lock.json index da0a5af3f..e082a1d87 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "karma", - "version": "6.3.20", + "version": "6.4.0", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 50789b029..c9680a798 100644 --- a/package.json +++ b/package.json @@ -75,6 +75,7 @@ "Pieter Mees ", "Sergei Startsev ", "Tobias Speicher ", + "falsandtru ", "pavelgj ", "sylvain-hamel ", "ywong ", @@ -499,7 +500,7 @@ "engines": { "node": ">= 10" }, - "version": "6.3.20", + "version": "6.4.0", "license": "MIT", "scripts": { "lint": "eslint . --ext js --ignore-pattern *.tpl.js", diff --git a/test/unit/middleware/karma.spec.js b/test/unit/middleware/karma.spec.js index 4f6b873c2..db9c5819b 100644 --- a/test/unit/middleware/karma.spec.js +++ b/test/unit/middleware/karma.spec.js @@ -17,8 +17,8 @@ describe('middleware.karma', () => { let response class MockFile extends File { - constructor (path, sha, type, content) { - super(path, undefined, undefined, type) + constructor (path, sha, type, content, integrity) { + super(path, undefined, undefined, type, undefined, integrity) this.sha = sha || 'sha-default' this.content = content } @@ -230,6 +230,21 @@ describe('middleware.karma', () => { callHandlerWith('/__karma__/context.html') }) + it('should serve context.html with script tags with integrity checking', (done) => { + includedFiles([ + new MockFile('/first.js', 'sha123'), + new MockFile('/second.js', 'sha456', undefined, undefined, 'sha256-XXX') + ]) + + response.once('end', () => { + expect(nextSpy).not.to.have.been.called + expect(response).to.beServedAs(200, 'CONTEXT\n\n') + done() + }) + + callHandlerWith('/__karma__/context.html') + }) + it('should serve context.html with replaced link tags', (done) => { includedFiles([ new MockFile('/first.css', 'sha007'), @@ -242,7 +257,7 @@ describe('middleware.karma', () => { response.once('end', () => { expect(nextSpy).not.to.have.been.called - expect(response).to.beServedAs(200, 'CONTEXT\n\n\n\n\n\n') + expect(response).to.beServedAs(200, 'CONTEXT\n\n\n\n\n\n') done() }) @@ -278,7 +293,22 @@ describe('middleware.karma', () => { response.once('end', () => { expect(nextSpy).not.to.have.been.called - expect(response).to.beServedAs(200, 'CONTEXT\n\n\n\n\n\n\n\n') + expect(response).to.beServedAs(200, 'CONTEXT\n\n\n\n\n\n\n\n') + done() + }) + + callHandlerWith('/__karma__/context.html') + }) + + it('should serve context.html with link tags with integrity checking', (done) => { + includedFiles([ + new MockFile('/first.css', 'sha007', undefined, undefined, 'sha256-XXX'), + new MockFile('/second.html', 'sha678', undefined, undefined, 'sha256-XXX') + ]) + + response.once('end', () => { + expect(nextSpy).not.to.have.been.called + expect(response).to.beServedAs(200, 'CONTEXT\n\n') done() }) @@ -447,7 +477,7 @@ describe('middleware.karma', () => { response.once('end', () => { expect(nextSpy).not.to.have.been.called - expect(response).to.beServedAs(200, 'DEBUG\n\n\n\n\n\n\n\n') + expect(response).to.beServedAs(200, 'DEBUG\n\n\n\n\n\n\n\n') done() }) pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy