jekyll-kw-sri 0.0.1 → 0.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +36 -14
- data/lib/jekyll-kw-sri.rb +17 -17
- data/lib/jekyll-kw-sri/parser.rb +1 -1
- data/lib/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8105f15bb469e5ce9f911724cca9d4c0f91a5c5562c57cf19d0175c99f1f6937
|
|
4
|
+
data.tar.gz: 56ec904adb6f25f4e837d7666b25a6beda5fee4ce6fc61d731fee22354442282
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4c295991eb27a6f634f2781f6016d94e66651a067d0f25eaf961e6e3d3ea9597cec1793756eb34969609e7dc41627f787498a8745948bfc866c87609a67697ba
|
|
7
|
+
data.tar.gz: 802d07f5d15b93bbccc0af363e33ebff5752a7e8764bb1679a7e15e7d28f3445c90adf8eac26b3fe7a3d789ef9712619368be74e97d53ca092fd122f75838a31
|
data/README.md
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
# jekyll-kw-sri
|
|
2
2
|
|
|
3
|
+
[](https://badge.fury.io/rb/jekyll-kw-sri)
|
|
4
|
+
|
|
3
5
|
A plugin for jekyll to calculate [Subresource Integrity][Wikipedia SRI] (SRI) hashes for CSS (even SCSS and SASS) and JS files during build time.
|
|
4
6
|
|
|
5
7
|
> **Subresource Integrity** (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.
|
|
@@ -8,7 +10,7 @@ from [Mozilla docs][Mozilla Subresource Integrity]
|
|
|
8
10
|
|
|
9
11
|
## Configuration
|
|
10
12
|
|
|
11
|
-
Add `kw-sri` section to `_config.yml` configure the plugin globally.
|
|
13
|
+
Add `kw-sri` section to `_config.yml` configure the plugin globally. If you want to use defauls you can ommit the config-section.
|
|
12
14
|
|
|
13
15
|
```yaml
|
|
14
16
|
kw-sri:
|
|
@@ -25,18 +27,46 @@ kw-sri:
|
|
|
25
27
|
| hash_type | Which kind of integrity hash | sha256, **sha384**, sha512 |
|
|
26
28
|
| write_source_mapping_url | Add the map-file like to the css | false, **true** |
|
|
27
29
|
|
|
28
|
-
|
|
30
|
+
## Action Items / Shell commands
|
|
29
31
|
|
|
30
|
-
|
|
32
|
+
Run linting and tests
|
|
31
33
|
|
|
32
|
-
|
|
34
|
+
```sh
|
|
35
|
+
bundle exec rubocop
|
|
36
|
+
bundle exec rake test
|
|
37
|
+
```
|
|
33
38
|
|
|
34
|
-
|
|
39
|
+
Build gem package
|
|
35
40
|
|
|
36
41
|
```sh
|
|
37
|
-
bundle exec rake
|
|
42
|
+
bundle exec rake build
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
Publish gem package
|
|
46
|
+
|
|
47
|
+
```sh
|
|
48
|
+
bundle exec rake release
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
Calc a SRI Integrity hash of `./style.css` in format `sha256`
|
|
52
|
+
|
|
53
|
+
```shell
|
|
54
|
+
openssl dgst -sha256 -binary ./style.css | openssl base64 -A
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
Calc different **SRI integrity** hash-files from `css-files` (same is valid for `js-files`) in format `sha256`, `sha384` and `sha512` inside a **Makefile**
|
|
58
|
+
|
|
59
|
+
```plain
|
|
60
|
+
calc-integrity-files:
|
|
61
|
+
for strength in 256 384 512 ; do \
|
|
62
|
+
cat ./assets/css/style.min.css | openssl dgst -sha$$strength -binary | openssl base64 -A > ./_includes/integrity/style.min.css.sha$$strength ; \
|
|
63
|
+
cat ./assets/css/main.css | openssl dgst -sha$$strength -binary | openssl base64 -A > ./_includes/integrity/main.css.sha$$strength ; \
|
|
64
|
+
cat ./assets/js/script.js | openssl dgst -sha$$strength -binary | openssl base64 -A > ./_includes/integrity/script.js.sha$$strength ; \
|
|
65
|
+
done
|
|
38
66
|
```
|
|
39
67
|
|
|
68
|
+
## Notes / Hints
|
|
69
|
+
|
|
40
70
|
### Appraisal - Gemfile Generator
|
|
41
71
|
|
|
42
72
|
[GitHub](https://github.com/thoughtbot/appraisal)
|
|
@@ -48,8 +78,6 @@ bundle exec rake test
|
|
|
48
78
|
bundle exec appraisal generate
|
|
49
79
|
```
|
|
50
80
|
|
|
51
|
-
## Notes / Hints
|
|
52
|
-
|
|
53
81
|
### Site context is empty
|
|
54
82
|
|
|
55
83
|
Inside the `render(context)` function of a `Liquid::Tag` there is a context object. With that context you can get the `site` object, anyhow when you want to cretae your temporry **site** and **context** you need a workaround.
|
|
@@ -90,12 +118,6 @@ converter = if defined? site.find_converter_instance
|
|
|
90
118
|
end
|
|
91
119
|
```
|
|
92
120
|
|
|
93
|
-
## SRI Integrity
|
|
94
|
-
|
|
95
|
-
```shell
|
|
96
|
-
openssl dgst -sha256 -binary ./style.css | openssl base64 -A
|
|
97
|
-
```
|
|
98
|
-
|
|
99
121
|
## Setup Steps
|
|
100
122
|
|
|
101
123
|
```sh
|
data/lib/jekyll-kw-sri.rb
CHANGED
|
@@ -10,15 +10,14 @@ module Jekyll
|
|
|
10
10
|
# jekyll-kw-sri custom tag
|
|
11
11
|
class SriScssHashTag < Jekyll::Tags::IncludeRelativeTag
|
|
12
12
|
# class SriScssHashTag < Liquid::Tag
|
|
13
|
+
|
|
14
|
+
# alias super_render render
|
|
15
|
+
|
|
13
16
|
def initialize(tag_name, input, tokens)
|
|
14
17
|
super
|
|
15
18
|
|
|
16
19
|
raise 'Please enter a file path' if input.length <= 0
|
|
17
|
-
|
|
18
|
-
@scss_file = strip_or_self(input)
|
|
19
20
|
# File.exists? is file?
|
|
20
|
-
|
|
21
|
-
@tag_name = tag_name
|
|
22
21
|
end
|
|
23
22
|
|
|
24
23
|
# def syntax_example
|
|
@@ -26,11 +25,6 @@ module Jekyll
|
|
|
26
25
|
# end
|
|
27
26
|
|
|
28
27
|
def render(context)
|
|
29
|
-
# return '' unless context.registers[:page]['sri']
|
|
30
|
-
|
|
31
|
-
# # Read the global configuration
|
|
32
|
-
# @sri_config = context.registers[:site].config['kw-sri'] || {}
|
|
33
|
-
|
|
34
28
|
cache_compiled_scss(@file, context, lambda {
|
|
35
29
|
if context.nil? || context.registers[:site].nil?
|
|
36
30
|
puts 'WARNING: There was no context, generate default site and context'
|
|
@@ -38,15 +32,25 @@ module Jekyll
|
|
|
38
32
|
context = Liquid::Context.new({}, {}, { site: site })
|
|
39
33
|
else
|
|
40
34
|
site = context.registers[:site]
|
|
35
|
+
# Read the global configuration
|
|
36
|
+
@sri_config = context.registers[:site].config['kw-sri'] || {}
|
|
41
37
|
end
|
|
42
38
|
|
|
39
|
+
# Render the context with the base-class
|
|
43
40
|
converter = site.find_converter_instance(Jekyll::Converters::Scss)
|
|
44
|
-
|
|
45
|
-
result = super(context)
|
|
41
|
+
result = super(context) # super_render(context)
|
|
46
42
|
scss = result.gsub(/^---.*---/m, '')
|
|
47
43
|
data = converter.convert(scss)
|
|
48
44
|
|
|
49
|
-
|
|
45
|
+
# Get path out of the file object
|
|
46
|
+
file = render_variable(context) || @file
|
|
47
|
+
validate_file_name(file)
|
|
48
|
+
path = locate_include_file(context, file, site.safe)
|
|
49
|
+
|
|
50
|
+
# Use default config for kw-sri if it is nil
|
|
51
|
+
@sri_config ||= Jekyll::KargWare::Integrity::Configuration::DEFAULT_CONFIG
|
|
52
|
+
|
|
53
|
+
Integrity::Parser.new(@sri_config).calc_integrity(path, data)
|
|
50
54
|
})
|
|
51
55
|
end
|
|
52
56
|
|
|
@@ -66,11 +70,7 @@ module Jekyll
|
|
|
66
70
|
end
|
|
67
71
|
end
|
|
68
72
|
|
|
69
|
-
#
|
|
70
|
-
def strip_or_self(str)
|
|
71
|
-
str.strip! || str
|
|
72
|
-
end
|
|
73
|
-
|
|
73
|
+
# Register the sccs file as include folder
|
|
74
74
|
def tag_includes_dirs(context)
|
|
75
75
|
[context.registers[:site].source].freeze
|
|
76
76
|
end
|
data/lib/jekyll-kw-sri/parser.rb
CHANGED
|
@@ -19,7 +19,7 @@ module Jekyll
|
|
|
19
19
|
data_modified = add_source_mapping_url(filename, data)
|
|
20
20
|
|
|
21
21
|
# Debuging, save rendered css file as tmp file
|
|
22
|
-
File.open("
|
|
22
|
+
File.open("#{filename}.tmp", 'w') { |file| file.write(data_modified) } if @configuration.create_tmpfile
|
|
23
23
|
|
|
24
24
|
case hash_type
|
|
25
25
|
when 'sha256'
|
data/lib/version.rb
CHANGED