What is the purpose of the integrity attribute in HTML?

Question

What is the purpose of the integrity attribute in HTML?

I was on a boot site, and recently I noticed that their CDN links contain an integrity attribute with the SHA-384 key.

<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js" integrity="sha384-0mSbJDEHialfmuBBQP6A4Qrprq5OVfW37PRR3j5ELqxss1yVqOtnepnHVP9aJ7xS" crossorigin="anonymous"></script>

I suppose this is a way to check the source of the script, but moreso I was wondering how it is used, and if it is part of any specification?

Also, does this only work with script src or can it work with any source of more than one source?

+4

javascript twitter-bootstrap subresource-integrity

Emma ramirez Dec 23 '15 at 5:12

source share

3 answers

(CDN) , , , . CDN , CDN, CDN ( ) , , , CDN.

Subresource , , , - - ( CDN ), , - - , .

Subresource IntegrityEDIT
Subresource, 64 (), , <script> <link>.

, , , , ( sha256, sha384 sha512), base64- .

, . , .
sha384 base64:

SHA384-oqVuAfXRKap7fdgcCY5uykM6 + R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC
"" - , , , - (, script ). , thats .

:

0

Tanmay 23 . '15 5:21

Subresource Integrity , ,

The Integrity attribute should allow the browser to check the source of the file to ensure that the code never loads if the source has been processed.

The Crossorigin attribute is present when a request is loaded using "CORS", which is now a requirement for checking the SRI when it is not loaded from "the same origin." Additional Info Crossorigin

More information on the implementation of CDNs Bootstrap here

0

Imran Dec 23 '15 at 5:26

source share

Dray · Accepted Answer · 2015-12-23T05:19:54+0000

check this:

https://developer.mozilla.org/en/docs/Web/HTML/Element/script

(CDN) , , , . CDN , CDN, CDN ( ) , , , CDN.
Subresource , , , - - ( CDN ), , - - , .

:

https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

What is the purpose of the integrity attribute in HTML?

More articles: