| 28830 | return this.toString() |
| 28831 | } |
| 28832 | toString (opts) { |
| 28833 | if (opts && opts.strict) { |
| 28834 | // Strict mode enforces the standard as close to the foot of the |
| 28835 | // letter as it can. |
| 28836 | if (!( |
| 28837 | // The spec has very restricted productions for algorithms. |
| 28838 | // https://www.w3.org/TR/CSP2/#source-list-syntax |
| 28839 | SPEC_ALGORITHMS.some(x => x === this.algorithm) && |
| 28840 | // Usually, if someone insists on using a "different" base64, we |
| 28841 | // leave it as-is, since there's multiple standards, and the |
| 28842 | // specified is not a URL-safe variant. |
| 28843 | // https://www.w3.org/TR/CSP2/#base64_value |
| 28844 | this.digest.match(BASE64_REGEX) && |
| 28845 | // Option syntax is strictly visual chars. |
| 28846 | // https://w3c.github.io/webappsec-subresource-integrity/#grammardef-option-expression |
| 28847 | // https://tools.ietf.org/html/rfc5234#appendix-B.1 |
| 28848 | (this.options || []).every(opt => opt.match(VCHAR_REGEX)) |
| 28849 | )) { |
| 28850 | return '' |
| 28851 | } |
| 28852 | } |
| 28853 | const options = this.options && this.options.length |
| 28854 | ? `?${this.options.join('?')}` |
| 28855 | : '' |
| 28856 | return `${this.algorithm}-${this.digest}${options}` |
| 28857 | } |
| 28858 | } |
| 28859 | |
| 28860 | class Integrity { |