@@ -349,23 +349,33 @@ spec: SHA2; urlPrefix: http://csrc.nist.gov/publications/fips/fips180-4/fips-180
349349
350350 ### Parse |metadata| ### {#parse-metadata}
351351
352- This algorithm accepts a string, and returns either `no metadata`, or a set of
353- valid hash expressions whose hash functions are understood by
354- the user agent.
352+ This algorithm accepts a string, and returns a set of hash expressions whose
353+ hash functions are understood by the user agent.
355354
356355 1. Let |result| be the empty set.
357- 2. Let |empty| be equal to `true`.
358- 3. For each |token| returned by <a lt="strictly split">splitting |metadata| on
359- spaces</a> :
360- 1. Set |empty| to `false`.
361- 2. Parse |token| as a <a grammar>hash-with-options</a> .
362- 3. If |token| does not parse, [=continue=] to the next token.
363- 4. Let |algorithm| be the <a grammar>hash-algo</a> component of
364- |token|.
365- 5. If |algorithm| is a hash function recognized by the user
366- agent, add the parsed |token| to |result|.
367- 4. Return `no metadata` if |empty| is `true`, otherwise return
368- |result|.
356+ 2. For each |item| returned by <a lt="strictly split">splitting</a>
357+ |metadata| on spaces:
358+ 1. Let |hash-with-opt-token-list| be the result of
359+ <a lt="strictly split">splitting</a> |item| on U+003F (?).
360+ 2. Let |hash-expression| be |hash-with-opt-token-list|[0] .
361+ 3. Let |base64-value| be the empty string.
362+ 4. Let |hash-expr-token-list| be the result of
363+ <a lt="strictly split">splitting</a> |hash-expression| on U+002D (-).
364+ 5. Let |algorithm| be |hash-expr-token-list|[0] .
365+ 6. If |hash-expr-token-list|[1] <a for=list>exists</a> , set
366+ |base64-value| to |hash-expr-token-list|[1] .
367+ 7. If |algorithm| is not a hash function recognized by the user agent,
368+ [=continue=] .
369+ 8. Let |metadata| be the ordered map «["alg" → |algorithm|,
370+ "val" → |base64-value|]».
371+
372+ Note: Since no `options` are defined (see the
373+ [[#integrity-metadata-description]] ), a corresponding entry is not set
374+ in |metadata|. If `options` are defined in a future version,
375+ |hash-with-opt-token-list|[1] can be utilized as `options`.
376+
377+ 9. <a for=list>Append</a> |metadata| to |result|.
378+ 3. Return |result|.
369379
370380 ### Get the strongest metadata from |set| ### {#get-the-strongest-metadata}
371381
@@ -390,21 +400,18 @@ spec: SHA2; urlPrefix: http://csrc.nist.gov/publications/fips/fips180-4/fips-180
390400
391401 1. Let |parsedMetadata| be the result of
392402 <a href="#parse-metadata">parsing |metadataList|</a> .
393- 2. If |parsedMetadata| is `no metadata`, return `true`.
394- 3. If |parsedMetadata| is the empty set, return `true`.
395- 4. Let |metadata| be the result of <a href="#get-the-strongest-metadata">
403+ 2. If |parsedMetadata| [=set/is empty=] set, return `true`.
404+ 3. Let |metadata| be the result of <a href="#get-the-strongest-metadata">
396405 getting the strongest metadata from |parsedMetadata|</a> .
397- 5. For each |item| in |metadata|:
398- 1. Let |algorithm| be the |alg| component of
399- |item|.
400- 2. Let |expectedValue| be the |val| component of
401- |item|.
406+ 4. For each |item| in |metadata|:
407+ 1. Let |algorithm| be the |item|["alg"] .
408+ 2. Let |expectedValue| be the |item|["val"] .
402409 3. Let |actualValue| be the result of <a
403410 href="#apply-algorithm-to-response"> applying |algorithm| to |bytes|
404411 </a> .
405412 4. If |actualValue| is a case-sensitive match for
406413 |expectedValue|, return `true`.
407- 6 . Return `false`.
414+ 5 . Return `false`.
408415
409416 This algorithm allows the user agent to accept multiple, valid strong hash
410417 functions. For example, a developer might write a `script` element such as:
0 commit comments