Implement SRI check on the external babel links #6120
Hi @nelsonuprety1, thank you for taking up this issue! Hfla appreciates you :) Do let fellow developers know about your:- You're awesome! P.S. - You may not take up another issue until this issue gets merged (or closed). Thanks again :)

Availability: Wed 24 January, 2024

Please check the PR #6152 for this fix.

Overview

Implement SRI checks for the babel.js script tag in 'default-markdown.html' and 'default.html' to address CodeQL alert 36 and 37, enhancing script integrity and mitigating potential vulnerabilities.

Action Items

- integrity and crossorigin attribute to the <script> links in the files _layouts/default-markdown.html and _layouts/default.html
- crossorigin="anonymous" specifically as we don't want to share our credentials with the server
- integrity attribute use the SRI Generator paste the url https://cdnjs.cloudflare.com/ajax/libs/babel-standalone/6.26.0/babel.js and generate an SHA-384 hash, we are using a specified version of babel (6.26.0)
- integrity attribute of both the files, the browser will automatically check for the integrity of the external link, this feature of browser is only in the modern ones, older browsers have no support for SRI.
- docker-compose up and checking if any errors are generated during the build process
- CTRL/CMD + SHIFT + I and check for any JavaScript related errors
- Network Console and reload the web page, then inspect the network requests to confirm that the babel.js script is loaded successfully.
- /projects or /wins in at least two browsers

Resources/Instructions
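
A local version of the check the action items describe, as an added example that is not part of the original issue or the project's code: it computes the SHA-384 SRI value and audits external script tags for `integrity` and `crossorigin="anonymous"`. The babel.js bytes are a constructed placeholder (the real hash is not reproduced here), and `sri_hash`, `ScriptAudit` and `audit` are hypothetical names.

```python
import base64
import hashlib
from html.parser import HTMLParser


def sri_hash(content: bytes) -> str:
    """Return the SRI value for content: 'sha384-' + base64(SHA-384 digest)."""
    digest = hashlib.sha384(content).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")


class ScriptAudit(HTMLParser):
    """Collect SRI problems for external <script> tags in one layout file."""
    def __init__(self, expected):
        super().__init__()
        self.expected = expected  # script URL -> SRI value from a trusted copy
        self.problems = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag != "script" or not src.startswith(("http://", "https://", "//")):
            return  # inline or same-origin script: SRI pinning not audited here
        pinned = (a.get("integrity") or "").split()  # attribute may list several hashes
        if not pinned:
            self.problems.append((src, "missing integrity"))
        elif self.expected.get(src) not in pinned:
            self.problems.append((src, "integrity does not match trusted copy"))
        if a.get("crossorigin") != "anonymous":  # explicit value, as the issue asks
            self.problems.append((src, "crossorigin is not anonymous"))


def audit(html: str, expected: dict) -> list:
    """Return a list of (script URL, problem) pairs found in html."""
    parser = ScriptAudit(expected)
    parser.feed(html)
    return parser.problems


# Constructed stand-in for the CDN file; not the real babel.js bytes.
URL = "https://cdnjs.cloudflare.com/ajax/libs/babel-standalone/6.26.0/babel.js"
TRUSTED_COPY = b"/* constructed placeholder for babel.js */\n"
EXPECTED = {URL: sri_hash(TRUSTED_COPY)}
BEFORE = f'<script src="{URL}"></script>'
AFTER = f'<script src="{URL}" integrity="{EXPECTED[URL]}" crossorigin="anonymous"></script>'

if __name__ == "__main__":
    print(audit(BEFORE, EXPECTED), audit(AFTER, EXPECTED))
```

Run against the rendered layouts with `TRUSTED_COPY` replaced by a copy of the file you have reviewed, this catches a tag whose hash no longer matches that copy before a browser refuses to load it.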