Skip to content

Instantly share code, notes, and snippets.

@ericlaw1979

ericlaw1979/SRIHash.js

Last active August 31, 2016 15:31
Show Gist options
  • Save ericlaw1979/b931621fb4e5c4b20b24 to your computer and use it in GitHub Desktop.
Save ericlaw1979/b931621fb4e5c4b20b24 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
SRIHash.js
public BindUITab("Resource Integrity Hashes", "<nowrap><nolink>")
static function ShowSRIHashr(arrSess: Session[]):String
{
var oSB: System.Text.StringBuilder = new System.Text.StringBuilder();
for (var i:int = 0; i<arrSess.Length; i++)
{
if (arrSess[i].HTTPMethodIs("CONNECT")) continue;
if (!arrSess[i].bHasResponse)
{
oSB.AppendFormat("\r\n// Skipping incomplete response '{0}'\r\n", arrSess[i].fullUrl);
continue;
}
if (arrSess[i].responseCode != 200)
{
oSB.AppendFormat("\r\n// Skipping non-HTTP/200 response '{0}'\r\n", arrSess[i].fullUrl);
continue;
}
var sType: String = arrSess[i].oResponse.MIMEType.ToLower();
var bIsScript = sType.Contains("script");
var bIsCSS = sType. Contains("css");
if (!bIsScript && !bIsCSS)
{
oSB.AppendFormat("\r\n// Skipping non-CSS/JS response '{0}'\r\n", arrSess[i].fullUrl);
continue;
}
var sIntegrity = "sha256-" + arrSess[i].GetResponseBodyHashAsBase64("sha256").Replace("-", "")
+"\n\tsha384-" + arrSess[i].GetResponseBodyHashAsBase64("sha384").Replace("-", "")
+"\n\tsha512-" + arrSess[i].GetResponseBodyHashAsBase64("sha512").Replace("-", "");
if (bIsScript)
{
oSB.AppendFormat('\r\n<script src="{0}" crossorigin="anonymous"\r\n\tintegrity="{1}"></script>\r\n',
arrSess[i].fullUrl, sIntegrity);
}
else
{
oSB.AppendFormat('\r\n<link rel="stylesheet" crossorigin="anonymous"\r\n\thref="{0}"\r\n\tintegrity="{1}" />\r\n',
arrSess[i].fullUrl, sIntegrity);
}
}
return oSB.ToString();
}
@ericlaw1979
Copy link
Author

Note, the crossorigin="anonymous" attribute is necessary for SRI to be computed for cross-origin resources.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment