-
Notifications
You must be signed in to change notification settings - Fork 0
/
csp-hash.php
103 lines (94 loc) · 3.9 KB
/
csp-hash.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
<?php
declare(strict_types=1);
define('VERBOSE', false);
$file = $argv[1] ?? 'https://spiro.se/';
echo '# FILE: ', $file, ' #', PHP_EOL;
$d = new DomDocument();
@$d->loadHTMLFile($file);
$xpath = new DOMXpath($d);
$head_styles = $xpath->query('/html/head/style');
echo '# styles in head: ', $head_styles->length, PHP_EOL;
if($head_styles->length > 0) {
/** @var DOMNode $head_style */
foreach($head_styles as $head_style) {
$src = $head_style->attributes->getNamedItem('src');
if($src && $src->textContent) {
if(VERBOSE) {
echo '## skipping style with source: ', $src->textContent, PHP_EOL;
}
continue;
}
$hash = base64_encode(hash('sha256', $head_style->textContent, true));
$filename = 'hashes/' . strtr($hash, ['/' => '_']) . '.css';
file_put_contents(__DIR__ . '/' . $filename, $head_style->textContent);
echo 'sha256-', $hash, ' (', $filename, ')', PHP_EOL;
}
}
$body_styles = $xpath->query('/html/body//style');
echo '# styles in body: ', $body_styles->length, PHP_EOL;
if($body_styles->length > 0) {
/** @var DOMNode $head_style */
foreach($body_styles as $body_style) {
$src = $body_style->attributes->getNamedItem('src');
if($src && $src->textContent) {
if(VERBOSE) {
echo '## skipping style with source: ', $src->textContent, PHP_EOL;
}
continue;
}
$hash = base64_encode(hash('sha256', $body_style->textContent, true));
$filename = 'hashes/' . strtr($hash, ['/' => '_']) . '.css';
file_put_contents(__DIR__ . '/' . $filename, $body_style->textContent);
echo 'sha256-', $hash, ' (', $filename, ')', PHP_EOL;
}
}
$head_scripts = $xpath->query('/html/head/script');
echo '# scripts in head: ', $head_scripts->length, PHP_EOL;
if($head_scripts->length > 0) {
/** @var DOMNode $head_script */
foreach($head_scripts as $head_script) {
$src = $head_script->attributes->getNamedItem('src');
if($src && $src->textContent) {
if(VERBOSE) {
echo '## skipping script with source: ', $src->textContent, PHP_EOL;
}
continue;
}
$type = $head_script->attributes->getNamedItem('type');
if($type && $type->textContent && strtolower($type->textContent) !== 'script/javascript') {
if(VERBOSE) {
echo '## skipping script with unknown type: ', $type->textContent, PHP_EOL;
}
continue;
}
$hash = base64_encode(hash('sha256', $head_script->textContent, true));
$filename = 'hashes/' . strtr($hash, ['/' => '_']) . '.js';
file_put_contents(__DIR__ . '/' . $filename, $head_script->textContent);
echo 'sha256-', $hash, ' (', $filename, ')', PHP_EOL;
}
}
$body_scripts = $xpath->query('/html/body//script');
echo '# scripts in body: ', $body_scripts->length, PHP_EOL;
if($body_scripts->length > 0) {
/** @var DOMNode $body_script */
foreach($body_scripts as $body_script) {
$src = $body_script->attributes->getNamedItem('src');
if($src && $src->textContent) {
if(VERBOSE) {
echo '## skipping script with source: ', $src->textContent, PHP_EOL;
}
continue;
}
$type = $body_script->attributes->getNamedItem('type');
if($type && $type->textContent && strtolower($type->textContent) !== 'text/javascript') {
if(VERBOSE) {
echo '## skipping script with unknown type: ', $type->textContent, PHP_EOL;
}
continue;
}
$hash = base64_encode(hash('sha256', $body_script->textContent, true));
$filename = 'hashes/' . strtr($hash, ['/' => '_']) . '.js';
file_put_contents(__DIR__ . '/' . $filename, $body_script->textContent);
echo 'sha256-', $hash, ' (', $filename, ')', PHP_EOL;
}
}