Integrity attribute for script tag = great idea

I have always been worried about CDN being compromised and what a nightmare it would be to applications rely on them. Imagine popping a CDN hosting Jquery code and replacing it with some nasty script.

Anyhow, the new integrity attribute for script tag is fantastic, it allows you to include the hash of the javascripts you include into your page and this hash is verified everytime the javascript is loaded.

Example:

<script src="https://example.com/example-framework.js"  
        integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
        crossorigin="anonymous"></script>

Unfortunately this attribute is currently only supported on new versions of Firefox, Chrome and Opera. Safari and IE are still behind.

comments powered by Disqus