realm / realm-js

Realm is a mobile database: an alternative to SQLite & key-value stores
https://realm.io
Apache License 2.0

Generate SRI hash for our `realm-web` IIFE bundle #6767

Open kraenhansen opened 3 weeks ago

kraenhansen commented 3 weeks ago

To help developers secure themselves against code injection attacks through CDNs (https://unpkg.com/ in our case), I suggest we derive a hash of the IIFE bundle (following instructions on https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) and include this as the integrity on the script-tag in our README.md.
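As an added example (not part of the issue and not realm-js code), one way to derive the integrity value in Node.js and check served bytes against it. The bundle contents, the URL placeholder and the function names are constructed for illustration.

```javascript
// Added example, not realm-js code. Bundle bytes and URL below are constructed.
const { createHash } = require("node:crypto");

// Hash algorithms SRI allows, ordered weakest to strongest.
const ALGORITHMS = ["sha256", "sha384", "sha512"];

// Build an integrity value of the form "<alg>-<base64 digest>".
function sriHash(bytes, algorithm = "sha384") {
  if (!ALGORITHMS.includes(algorithm)) {
    throw new Error(`unsupported SRI algorithm: ${algorithm}`);
  }
  return `${algorithm}-${createHash(algorithm).update(bytes).digest("base64")}`;
}

// Script tag for a README; cross-origin SRI checks need a CORS-mode fetch,
// hence the crossorigin attribute.
function scriptTag(url, integrity) {
  return `<script src="${url}" integrity="${integrity}" crossorigin="anonymous"></script>`;
}

// Verify bytes against an integrity attribute: only entries using the
// strongest listed algorithm count, and any one of them matching passes.
function verifySri(bytes, integrity) {
  const entries = integrity.trim().split(/\s+/)
    .map((token) => {
      const dash = token.indexOf("-");
      return { algorithm: token.slice(0, dash), digest: token.slice(dash + 1) };
    })
    .filter((entry) => ALGORITHMS.includes(entry.algorithm));
  if (entries.length === 0) return false; // fail closed: nothing usable to check
  const rank = (entry) => ALGORITHMS.indexOf(entry.algorithm);
  const best = Math.max(...entries.map(rank));
  return entries
    .filter((entry) => rank(entry) === best)
    .some((entry) => createHash(entry.algorithm).update(bytes).digest("base64") === entry.digest);
}

// Constructed stand-ins for the published IIFE bundle and its CDN URL.
const bundle = Buffer.from("var Realm=(function(){return {};})();");
const tampered = Buffer.from("var Realm=(function(){return {};})();/*injected*/");
const url = "https://unpkg.com/<package>@<version>/<path-to-iife-bundle>";

function demo() {
  const integrity = sriHash(bundle);
  return { tag: scriptTag(url, integrity), ok: verifySri(bundle, integrity), bad: verifySri(tampered, integrity) };
}
console.log(demo());
```

In a release step the bytes would be read from the built bundle file, and the hash has to be regenerated for every published version, since any change to the file changes the digest.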

sync-by-unito[bot] commented 3 weeks ago

➤ PM Bot commented:

Jira ticket: RJS-2851