Merge pull request #529 from gjtorikian/blacklist-stylesheet-links

Check only stylesheet link rels rather than whitelisting other rels

Author: gjtorikian

lib/html-proofer/check/links.rb

@@ -129,10 +129,12 @@ def find_fragments(html, fragment_ids)
     html.xpath(*xpaths)
   end
 
-  IGNORABE_REL = %(canonical alternate next prev previous icon manifest apple-touch-icon)
+  # Whitelist for affected elements from Subresource Integrity specification
+  # https://w3c.github.io/webappsec-subresource-integrity/#link-element-for-stylesheets
+  SRI_REL_TYPES = %(stylesheet)
 
   def check_sri(line, content)
-    return if IGNORABE_REL.include?(@link.rel)
+    return unless SRI_REL_TYPES.include?(@link.rel)
     if !defined?(@link.integrity) && !defined?(@link.crossorigin)
       add_issue("SRI and CORS not provided in: #{@link.src}", line: line, content: content)
     elsif !defined?(@link.integrity)

spec/html-proofer/fixtures/links/link_with_me.html

@@ -0,0 +1,8 @@
+<html>
+  <head>
+    <link rel="me" href="https://github.com/gjtorikian/html-proofer" />
+    <link rel="webmention" href="https://webmention.io/username/webmention" />
+    <link rel="pingback" href="https://webmention.io/username/xmlrpc" />
+  </head>
+  <body></body>
+</html>

spec/html-proofer/fixtures/vcr_cassettes/links/link_with_me_html_check_sri_true_log_level_error_type_file_.yml

@@ -609,6 +609,12 @@
     expect(proofer.failed_tests).to eq []
   end
 
+  it 'is not checking SRI and CORS for indieweb links with rel "me", "webmention", or "pingback"' do
+    file = "#{FIXTURES_DIR}/links/link_with_me.html"
+    proofer = run_proofer(file, :file, check_sri: true)
+    expect(proofer.failed_tests).to eq []
+  end
+
   it 'can link to external non-unicode hash' do
     file = "#{FIXTURES_DIR}/links/hash_to_unicode_ref.html"
     proofer = run_proofer(file, :file, check_external_hash: true)