Merge pull request #132 from waysact/issue-131

Fix hash lookup for dynamic chunks
waysact · Oct 18, 2020 · ed3c8cd · ed3c8cd
2 parents 1d6bfcd + 3d7090c
commit ed3c8cd
Show file tree

Hide file tree

Showing 7 changed files with 55 additions and 3 deletions.
diff --git a/examples/dynamic-modified/README.md b/examples/dynamic-modified/README.md
@@ -0,0 +1,3 @@
+# With a modified dynamically loaded chunk #hwp
+
+Ensure that when a chunk is modified, it fails to load.
diff --git a/examples/dynamic-modified/corrupt.js b/examples/dynamic-modified/corrupt.js
@@ -0,0 +1 @@
+console.log('this should never load');
diff --git a/examples/dynamic-modified/index.js b/examples/dynamic-modified/index.js
@@ -0,0 +1,5 @@
+import("./corrupt").then(function error() {
+  console.log('error');
+}).catch(function ok() {
+  console.log('ok');
+});
diff --git a/examples/dynamic-modified/test.js b/examples/dynamic-modified/test.js
@@ -0,0 +1,18 @@
+var webpackVersionComponents = require('webpack/package.json').version.split(
+  '.'
+);
+var webpackVersionMajor = Number(webpackVersionComponents[0]);
+
+var defaultCheck = require("../../test/defaultCheck");
+var fs = require('fs');
+
+module.exports.skip = function skip() {
+  return webpackVersionMajor < 2;
+};
+
+module.exports.check = function check(stats, url, browser) {
+  const otherAsset = Object.keys(stats.compilation.assets).find(key => key !== 'index.js' && key.endsWith(".js"));
+  fs.writeFileSync('dist/' + otherAsset, 'xxx');
+
+  return defaultCheck(stats, url, browser);
+};
diff --git a/examples/dynamic-modified/webpack.config.js b/examples/dynamic-modified/webpack.config.js
@@ -0,0 +1,18 @@
+var SriPlugin = require('webpack-subresource-integrity');
+var HtmlWebpackPlugin = require('html-webpack-plugin');
+
+module.exports = {
+  entry: {
+    index: './index.js'
+  },
+  output: {
+    crossOriginLoading: 'anonymous'
+  },
+  plugins: [
+    new SriPlugin({
+      hashFuncNames: ['sha256', 'sha384'],
+      enabled: true
+    }),
+    new HtmlWebpackPlugin()
+  ]
+};
diff --git a/jmtp.js b/jmtp.js
@@ -7,6 +7,10 @@
 
 var Template = require('webpack/lib/Template');
 var util = require('./util');
+var webpackVersionComponents = require('webpack/package.json').version.split(
+  '.'
+);
+var webpackVersionMajor = Number(webpackVersionComponents[0]);
 
 function WebIntegrityJsonpMainTemplatePlugin(sriPlugin, compilation) {
   this.sriPlugin = sriPlugin;
@@ -47,17 +51,20 @@ WebIntegrityJsonpMainTemplatePlugin.prototype.addSriHashes =
  *  Patch jsonp-script code to add the integrity attribute.
  */
 WebIntegrityJsonpMainTemplatePlugin.prototype.addAttribute =
-  function addAttribute(mainTemplate, elName, source, chunk) {
+  function addAttribute(mainTemplate, elName, source) {
     const outputOptions = this.compilation.outputOptions || mainTemplate.outputOptions;
     if (!outputOptions.crossOriginLoading) {
       this.sriPlugin.errorOnce(
         this.compilation,
         'webpack option output.crossOriginLoading not set, code splitting will not work!'
       );
     }
+
     return (Template.asString || mainTemplate.asString)([
       source,
-      elName + '.integrity = __webpack_require__.sriHashes[' + (chunk ? `'${chunk.id}'` : 'chunkId') + '];',
+      elName + '.integrity = __webpack_require__.sriHashes[' +
+        ((webpackVersionMajor >= 5 && elName === 'script') ? 'key.match(/^chunk-([0-9]+)$/)[1]' : 'chunkId') +
+        '];',
       elName + '.crossOrigin = ' + JSON.stringify(outputOptions.crossOriginLoading) + ';',
     ]);
   };

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "webpack-subresource-integrity",
-  "version": "1.5.0",
+  "version": "1.5.1",
   "description": "Webpack plugin for enabling Subresource Integrity",
   "engines": {
     "node": ">=4"