fix: not try to add integrity to tags with remote url

[LingyuCoder]

Summary

fix #12251

Related links

Checklist

• Tests updated (or not required).
• Documentation updated (or not required).

[netlify]

✅ Deploy Preview for rspack canceled.

Name	Link
🔨 Latest commit	e1222cb
🔍 Latest deploy log	https://app.netlify.com/projects/rspack/deploys/6920281799341600086b11ac

[Copilot]

Pull Request Overview

This PR fixes an issue where the Subresource Integrity (SRI) plugin was attempting to add integrity attributes to script and link tags with remote URLs (http/https), which would fail since the build system cannot compute integrity hashes for external resources not part of the build output.

Key Changes

• Added logic to skip SRI processing for tags with remote URLs (http/https protocol) that don't match the publicPath
• Implemented the fix consistently in both TypeScript (for HtmlRspackPlugin/HtmlWebpackPlugin integration) and Rust (for native implementation)
• Added comprehensive test coverage for both plugin types to verify remote URLs are excluded from integrity processing while local bundles still receive integrity attributes

Reviewed Changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
packages/rspack/src/builtin-plugin/SubresourceIntegrityPlugin.ts	Added URL parsing logic to skip remote URLs in the processTag method
crates/rspack_plugin_sri/src/html.rs	Added equivalent Rust implementation to skip remote URLs in process_tag function
crates/rspack_plugin_sri/Cargo.toml	Added url crate dependency for URL parsing, minor formatting adjustment to lints section
Cargo.lock	Updated to include url dependency for rspack_plugin_sri
tests/rspack-test/configCases/sri/remote-src/rspack.config.js	Added test configurations for both HtmlRspackPlugin and HtmlWebpackPlugin to verify remote URLs are excluded
tests/rspack-test/configCases/sri/remote-src/index.js	Added minimal test entry point
tests/rspack-test/configCases/sri/remote-src/test.config.js	Configured test to skip runtime tests (noTests: true) since verification is done via compilation hooks

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[github-actions]

📦 Binary Size-limit

Comparing e1222cb to feat: support SRI with experiments.css and CssExtractRspackPlugin (#12239) by harpsealjs

❌ Size increased by 512bytes from 47.63MB to 47.63MB (⬆️0.00%)

[codspeed-hq]

CodSpeed Performance Report

Merging #12262 will not alter performance

_{Comparing fix/sri-remote-url (e1222cb) with main (7763043)}

Summary

✅ 17 untouched

[nanianlisao]

@LingyuCoder
Could you please further improve compatibility with paths starting with //? Sometimes, protocols might be intentionally ignored to prevent browser warnings, for example, when using '//cdn.xx1/unpkg/um.js'