Did you know that there's an "integrity" attribute for "script" and "link" elements and it's supported by Chrome and Firefox?
CSE HTML Validator v17 (not yet released) will support this attribute and perform several checks on it while the latest config file for v16 now recognizes this attribute (but doesn't check it as thoroughly as v17 will) and can be downloaded here:
https://www.htmlvalidator.com/htmlvalV160cfg.zip
This attribute helps insure that content and resources like scripts and CSS from content delivery networks are not tampered with.
More information can be found at these links:
Do not let your CDN betray you: Use Subresource Integrity
What are the integrity and crossorigin attribute?
https://developer.mozilla.org/en-US/doc ... _Integrity
https://w3c.github.io/webappsec-subreso ... -attribute
Subresource Integrity and the integrity attribute
- Albert Wiersch
- Site Admin
- Posts: 3785
- Joined: Sat Dec 11, 2004 9:23 am
- Location: Near Dallas, TX
- Contact:
Subresource Integrity and the integrity attribute
Albert Wiersch, CSS HTML Validator Developer • Download CSS HTML Validator FREE Trial
- MikeGale
- Rank VI - Professional
- Posts: 726
- Joined: Mon Dec 13, 2004 1:50 pm
- Location: Tannhauser Gate
Re: Subresource Integrity and the integrity attribute
Great to see that this is live.
A simple and effective approach.
Best when there are separate sources for markup and resources.
A simple and effective approach.
Best when there are separate sources for markup and resources.