In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-05 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >
Share
Shulou(Shulou.com)06/02 Report--
This article describes in detail the corresponding analysis and solutions to the question of how Javascript uses the integrity attribute for security verification, hoping to help more partners who want to solve this problem to find a simpler and easier way.
I. introduction of script tags into files
In html, the script tag can introduce a js file through the src attribute, and the imported js file can be local or remote.
1. Import local files
Local js files are generally introduced into the development environment.
two。 Introduce remote files
After being deployed online, it is generally distributed to cdn, and remote files need to be introduced, such as:
There is just a problem with the introduction of remote files, which may affect users if the corresponding files are tampered with. Although cdn is generally reliable, it does not rule out attacks by hackers.
In this case, security verification can be done through the attribute integrity of the script tag.
Integrity security verification
The integrity attribute setting introduces the hash value of the js file. When downloading the js file, the browser will hash the js file. If it is consistent, it will load normally, otherwise it will refuse to load and run.
It looks like:
2. Examples
3. Introducing cdn resources from vue
For example, we want to introduce the cdn resources of vue:
Https://unpkg.com/vue@3.0.5/dist/vue.global.js
Hash values can be generated through https://www.srihash.org/.
Integrity generates hash values
Integrity generates hash values
Finally, add the value of integrity to the script tag.
4. Verify that it is normal
Because the cdn resource is introduced, it cannot be modified directly, but if you modify the value of integrity, if you modify the value of integrity, the browser will eventually report the following error:
Failed to find a valid digest in the 'integrity' attribute for resource' https://unpkg.com/vue@3.0.5/dist/vue.global.js' with computed SHA-256 integrity' Wr5PnkpmZ3oQFRZLfDrI6fsePSMak5h8rW2rqq+mdWg='. The resource has been blocked.
It means that the hash value of the cdn file does not match the integrity value.
This is the answer to the question about how Javascript uses the integrity attribute for security verification. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.