@attilagyorffy
Created June 5, 2016 18:58
Load external jQuery using Subresource Integrity for better security
<!-- Referencing jQuery using SRI: -->
<script src="https://code.jquery.com/jquery-2.2.4.min.js" integrity="sha384-rY/jv8mMhqDabXSo+UCggqKtdmBfd3qC2/KvyTDNQ6PcUJXaxK1tMepoQda4g5vB" crossorigin="anonymous"></script>
<!--
- But Attila, you say SRI. What the hell is that?
- Good question! SRI stands for Subresource Integrity. It's a new way of telling your browser to
verify the checksum of the file you reference from a domain that is not under your control.
It works pretty much the same way shell scripts and package managers ensure a matching checksum
of files when they are downloaded: the same idea, except in the context of web browser security.
Notice the integrity attribute of the <script> tag? There you go. This way you can securely
reference external dependencies without worrying about getting XSS'd by a modified copy of that file.
Read more about this:
https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
-->
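
Added example, not part of the gist: a Node.js model of the check a browser runs on the `integrity` attribute, showing how the value is built, that the strongest listed algorithm decides, and that an attribute with no usable hash enforces nothing. The function names and sample bytes are constructed for illustration, and only standard base64 digests are accepted here.

```javascript
const { createHash } = require("crypto");

// Algorithms defined for SRI, weakest to strongest.
const STRENGTH = ["sha256", "sha384", "sha512"];

// Build an integrity value ("<alg>-<base64 digest>") for a file's bytes.
function sriHash(bytes, alg = "sha384") {
  return `${alg}-${createHash(alg).update(bytes).digest("base64")}`;
}

// Parse an integrity attribute: whitespace-separated tokens; tokens with an
// unknown algorithm or malformed digest are ignored, as a browser does.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).map((token) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(token);
    return m && { alg: m[1], digest: m[2] };
  }).filter(Boolean);
}

// Returns true if a resource with these bytes would be allowed to load.
function matchesIntegrity(bytes, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return true; // no usable metadata: nothing enforced
  // Only hashes of the strongest algorithm present are considered.
  const strongest = entries.reduce((a, b) =>
    STRENGTH.indexOf(b.alg) > STRENGTH.indexOf(a.alg) ? b : a).alg;
  return entries
    .filter((e) => e.alg === strongest)
    .some((e) => sriHash(bytes, e.alg) === `${e.alg}-${e.digest}`);
}

// Constructed sample: the file you pinned and a modified copy served later.
const GOOD = Buffer.from("console.log('lib v1');\n");
const TAMPERED = Buffer.from("console.log('lib v1');evil();\n");

function demo() {
  const pinned = sriHash(GOOD); // value to paste into integrity="..."
  return {
    pinned,
    goodLoads: matchesIntegrity(GOOD, pinned),
    tamperedLoads: matchesIntegrity(TAMPERED, pinned),
    typoLoads: matchesIntegrity(TAMPERED, "sha-384-notarealvalue"),
  };
}

console.log(demo());
```

The `typoLoads` case is the one to watch for in review: a misspelled algorithm prefix leaves the tag unprotected without breaking the page.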