Created
June 5, 2016 18:58
-
-
Save attilagyorffy/d29e80fdd29023fab6d9b681aae21a8c to your computer and use it in GitHub Desktop.
Load external jQuery using Subresource Integrity for better security
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- Referencing jQuery using SRI: --> | |
| <script src="https://code.jquery.com/jquery-2.2.4.min.js" integrity="sha384-rY/jv8mMhqDabXSo+UCggqKtdmBfd3qC2/KvyTDNQ6PcUJXaxK1tMepoQda4g5vB" crossorigin="anonymous"></script> | |
| <!-- | |
| - But Attila, you say SRI. What the hell is that? | |
| - Good Question! SRI stands for Subresource Integrity. It's a new way of telling your browser to | |
| verify the checksum of the file you reference from a domain that is not under your control. | |
| Pretty much the same way shell scripts and package managers ensure a matching checksum of files | |
| when they are downloaded. It's the same idea, except in the context of web browser security. | |
| Notice the integrity attribute of the <script> tag? There you go. This way you can securely | |
| reference external dependencies without worrying about getting XSSd. | |
| Read more about this: | |
| https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity | |
| --> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment