Subresource Integrity and the integrity attribute

Post by Albert Wiersch » Mon Jul 18, 2016 7:50 pm

Did you know that there's an "integrity" attribute for "script" and "link" elements and it's supported by Chrome and Firefox?

CSE HTML Validator v17 (not yet released) will support this attribute and perform several checks on it while the latest config file for v16 now recognizes this attribute (but doesn't check it as thoroughly as v17 will) and can be downloaded here:
https://www.htmlvalidator.com/htmlvalV160cfg.zip

http://www.OnlineWebCheck.com/ also supports this attribute (it's currently based on a CSE HTML Validator v17 BETA).

This attribute helps ensure that content and resources like scripts and CSS from content delivery networks are not tampered with.

More information can be found at these links:
Do not let your CDN betray you: Use Subresource Integrity
What are the integrity and crossorigin attribute?
https://developer.mozilla.org/en-US/doc ... _Integrity
https://w3c.github.io/webappsec-subreso ... -attribute
Albert Wiersch
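
An added example, not part of the original post and not CSE HTML Validator's own code: Python that builds an integrity value for a resource, flags malformed tokens in an integrity attribute, and models the browser's comparison, in which only the strongest listed algorithm counts. The function names and the sample script bytes are constructed for illustration.

```python
import base64
import hashlib

# Digest sizes (bytes) for the SRI hash algorithms; dict order is weakest to strongest.
DIGEST_SIZES = {"sha256": 32, "sha384": 48, "sha512": 64}
STRENGTH = list(DIGEST_SIZES)
# Constructed sample resource standing in for a script served from a CDN.
SAMPLE_JS = b"console.log('hello from the CDN');\n"


def make_integrity(data: bytes, alg: str = "sha384") -> str:
    """Build the integrity value for the exact bytes that will be served."""
    digest = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def parse_integrity(value: str):
    """Return (valid, problems): usable (alg, digest) pairs and tokens to flag."""
    valid, problems = [], []
    for token in value.split():
        alg, _, rest = token.partition("-")
        if alg not in DIGEST_SIZES:
            problems.append(f"{token}: unsupported algorithm")
            continue
        try:  # drop any ?options suffix, then require strict base64
            digest = base64.b64decode(rest.split("?", 1)[0], validate=True)
        except ValueError:
            problems.append(f"{token}: digest is not valid base64")
            continue
        if len(digest) != DIGEST_SIZES[alg]:
            problems.append(f"{token}: digest length does not match {alg}")
            continue
        valid.append((alg, digest))
    return valid, problems


def resource_matches(data: bytes, value: str) -> bool:
    """Model the browser check: compare against the strongest algorithm only."""
    valid, _ = parse_integrity(value)
    if not valid:
        return True  # no usable metadata means the browser enforces nothing
    strongest = max((alg for alg, _ in valid), key=STRENGTH.index)
    actual = hashlib.new(strongest, data).digest()
    return any(alg == strongest and d == actual for alg, d in valid)
```

An attribute whose tokens are all malformed is treated as absent, so the resource loads unchecked; that is why flagging such tokens at validation time matters.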

Re: Subresource Integrity and the integrity attribute

Post by MikeGale » Thu Jul 28, 2016 6:39 pm

Great to see that this is live.

A simple and effective approach.

Best when there are separate sources for markup and resources.
