Subresource Integrity Support Ready For Firefox 43, Chrome 45
With the upcoming releases of the Mozilla Firefox and Google Chrome web-browsers is support for the W3C Subresource Integrity (SRI) specification.
The Subresource Integrity feature allows web developers to ensure that externally-loaded scripts/assets from third-party sources (e.g. a CDN) haven't been altered. The SRI specification adds a new "integrity" HTML attribute when loading such assets where you can specify a hash of the file source expected -- the loaded resource must then match the hash for it to be loaded.
Subresource Integrity is designed to increase the security of the web by ensuring that CDNs or other third-parties aren't able to inject any malicious JavaScript into web-pages or make other changes to the web-page.
If you're interested in learning more about the SRI feature rolling out to web-browsers can be found from the W3.org specification, developer.mozilla.org, and the associated bug report.
The Subresource Integrity feature allows web developers to ensure that externally-loaded scripts/assets from third-party sources (e.g. a CDN) haven't been altered. The SRI specification adds a new "integrity" HTML attribute when loading such assets where you can specify a hash of the file source expected -- the loaded resource must then match the hash for it to be loaded.
Subresource Integrity is designed to increase the security of the web by ensuring that CDNs or other third-parties aren't able to inject any malicious JavaScript into web-pages or make other changes to the web-page.
If you're interested in learning more about the SRI feature rolling out to web-browsers can be found from the W3.org specification, developer.mozilla.org, and the associated bug report.
8 Comments