Page MenuHomeDevCentral

Subresource Integrity
ClosedPublic

Authored by dereckson on Jul 2 2016, 15:29.
Referenced Files
F3914927: D451.diff
Thu, Dec 19, 17:48
Unknown Object (File)
Tue, Dec 17, 03:59
Unknown Object (File)
Sat, Dec 14, 18:09
Unknown Object (File)
Sat, Dec 14, 18:09
Unknown Object (File)
Sat, Dec 14, 17:47
Unknown Object (File)
Sat, Dec 14, 17:28
Unknown Object (File)
Thu, Dec 12, 05:41
Unknown Object (File)
Tue, Dec 3, 14:57
Subscribers
None

Details

Summary

SRI is a new specification allowing to associate a hash to a resource file.

This allows to trust external CDNs to serve the exact file we computed the hash.
If not, for example because of a MITM attack, browser will block the resource.

Side edit: ' → " as HTML attributes delimiters.

Test Plan

Visit pages and check each resources are correcty loaded.

Diff Detail

Repository
rGROVE Auth Grove
Lint
Lint Passed
Unit
No Test Coverage
Branch
integrity
Build Status
Buildable 630
Build 749: arc lint + arc unit

Event Timeline

dereckson retitled this revision from to Subresource Integrity.
dereckson updated this object.
dereckson edited the test plan for this revision. (Show Details)
dereckson updated this object.
dereckson updated this object.
dereckson added a project: security.
dereckson added a reviewer: dereckson.

Hashes generated through https://www.srihash.org/ managed by Mozilla, and tested under Chrome 51.

This revision is now accepted and ready to land.Jul 2 2016, 15:33
This revision was automatically updated to reflect the committed changes.