-
Not something I am likely to get around to but it should be considered for integration in Orchard as Orchard has built in CDN support:
- https://www.tinfoilsecurity.com/blog/subresource-integrity
- ht…
-
Subresource Integrity (SRI) is a security feature that enables browsers to verify that third-party resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It work…
-
Since `dart_to_js_script_rewriter` is already rewriting the tag it would be great if it automatically included a [subresource integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresou…
-
This checks if integrity hashes are used on dynamic resources like script and link tags (not svg). The integrity is a hash of a resource that browser uses to check if the retrieved resource is the one…
-
Currently the documentation for the `integrity` field:
> integrity: The [Subresource Integrity](https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description) checksum of th…
-
To help developers secure themselves against code injection attacks through CDNs (https://unpkg.com/ in our case), I suggest we derive a hash of the IIFE bundle (following instructions on https://deve…
-
![Captura1](https://user-images.githubusercontent.com/17350786/96607839-5ee3b680-12be-11eb-9104-d89d68b33633.PNG)
-
Hey!
Some sites are using [subresource integrity](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) to ensure CDN do not alter the linked resources (notably JS and CSS). …
-
Currently having Subresource Integrity gives you 5 bonus points. These bonus points are not given when scripts are blocked alltogether with csp script-src: 'none'.
One would expect blocking all scr…
-
http://githubengineering.com/subresource-integrity/
Sounds like an easy enough thing to add.