1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
From: Dmitry Shachnev <mitya57@debian.org>
Date: Tue, 28 Mar 2023 14:23:03 +0300
Subject: Caclulate integrity checksum on runtime rather than hardcoding it
We are using packaged jQuery, checksum of which may change at any time.
Forwarded: not-needed
---
sphinxcontrib/jquery/__init__.py | 7 +++++++
tests/test_jquery_installed.py | 9 +--------
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/sphinxcontrib/jquery/__init__.py b/sphinxcontrib/jquery/__init__.py
index e060cd7..9b369a8 100644
--- a/sphinxcontrib/jquery/__init__.py
+++ b/sphinxcontrib/jquery/__init__.py
@@ -1,5 +1,7 @@
from os import makedirs, path
import shutil
+import base64
+import hashlib
import sphinx
@@ -29,6 +31,11 @@ def add_js_files(app, config):
# does not trigger the hash check but instead blocks the request
# when viewing documentation locally through the ``file://`` URIs.
if config.jquery_use_sri:
+ if filename == "jquery.js":
+ with open("/usr/share/javascript/jquery/jquery.min.js", "rb") as f:
+ checksum = hashlib.file_digest(f, hashlib.sha384)
+ encoded = base64.b64encode(checksum.digest()).decode("ascii")
+ integrity = f"sha384-{encoded}"
app.add_js_file(filename, priority=100, integrity=integrity)
else:
app.add_js_file(filename, priority=100)
diff --git a/tests/test_jquery_installed.py b/tests/test_jquery_installed.py
index 08c25ba..d0537d0 100644
--- a/tests/test_jquery_installed.py
+++ b/tests/test_jquery_installed.py
@@ -38,10 +38,6 @@ def test_jquery_installed_sphinx_ge_60_use_sri(blank_app):
out_dir = blank_app(confoverrides={"extensions": ["sphinxcontrib.jquery"], "jquery_use_sri": True})
text = out_dir.joinpath("index.html").read_text(encoding="utf-8")
- checksum = '?v=5d32c60e' if sphinx.version_info[:2] >= (7, 1) else ''
- assert ('<script '
- 'integrity="sha384-vtXRMe3mGCbOeY7l30aIg8H9p3GdeSe4IFlP6G8JMa7o7lXvnz3GFKzPxzJdPfGK" '
- f'src="_static/jquery.js{checksum}"></script>') in text
checksum = '?v=2cd50e6c' if sphinx.version_info[:2] >= (7, 1) else ''
assert ('<script '
'integrity="sha384-lSZeSIVKp9myfKbDQ3GkN/KHjUc+mzg17VKDN4Y2kUeBSJioB9QSM639vM9fuY//" '
@@ -58,9 +54,6 @@ def test_jquery_installed_sphinx_ge_60(blank_app):
out_dir = blank_app(confoverrides={"extensions": ["sphinxcontrib.jquery"]})
text = out_dir.joinpath("index.html").read_text(encoding="utf-8")
- checksum = '?v=5d32c60e' if sphinx.version_info[:2] >= (7, 1) else ''
- assert ('<script '
- f'src="_static/jquery.js{checksum}"></script>') in text
checksum = '?v=2cd50e6c' if sphinx.version_info[:2] >= (7, 1) else ''
assert ('<script '
f'src="_static/_sphinx_javascript_frameworks_compat.js{checksum}"></script>') in text
@@ -90,7 +83,7 @@ def test_jquery_installed_sphinx_lt_60(blank_app):
assert static_dir.joinpath('_sphinx_javascript_frameworks_compat.js').is_file()
-@pytest.mark.parametrize(('filename', 'integrity'), _FILES, ids=[*dict(_FILES)])
+@pytest.mark.parametrize(('filename', 'integrity'), _FILES[1:], ids=[*dict(_FILES[1:])])
def test_integrity(filename, integrity):
checksum = hashlib.sha384(Path(_ROOT_DIR, filename).read_bytes())
encoded = base64.b64encode(checksum.digest()).decode(encoding='ascii')
|