use Subresource Integrity for externally hosted javascript

browsers will calculate the sha256 hash of the script and compare it to the value of the integrity attribute
if the values do not match, the browser will refuse to execute it.

note: the shasum is written in base64 encoding, not the (more common) hex format!
jomo
2015-12-03 23:07:46 +01:00
parent e50f1fffee
commit 560f83ce88

@@ -7,7 +7,7 @@
<%= stylesheet_link_tag "application", :media => "all" %>
<%= csrf_meta_tags %>
<%= favicon_link_tag "favicon.ico" %>
<%= javascript_include_tag "https://cdn.rawgit.com/jomo/ago.js/master/ago.min.js" %>
<%= javascript_include_tag "https://cdn.rawgit.com/jomo/ago.js/master/ago.min.js", crossorigin: :anonymous, integrity: "sha256-xw0JUUdbuZQCVO+QScoxrlEsD4nZGCjMRh9PP8GLhcY=" %>
<%= javascript_include_tag "application" %>
<link type="application/atom+xml" rel="alternate" href="<%= blogposts_path(:atom) %>">
<%= yield(:site_headers) %>
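
Review bot: the `integrity:` value on the new `javascript_include_tag` line pins one exact file, but the URL still tracks a moving branch (`https://cdn.rawgit.com/jomo/ago.js/master/ago.min.js`). Any later push to `master` that changes `ago.min.js` will make the digest mismatch, and browsers will then refuse to execute the script until this template is updated. Point the URL at a tag or commit of ago.js so the bytes behind the hash cannot change, or serve the file through the asset pipeline like `application`. A short ERB comment next to the tag saying the value is the base64-encoded SHA-256 digest (as the commit message notes) would also help whoever has to regenerate it.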