Skip to content

SRI on scripts #12

New issue
New issue
Open
Open
SRI on scripts#12
@scat0324

Description

@scat0324
scat0324
opened on Jan 21, 2022

Our vulnerability scanner flags the import of scripts from third party sites as a medium risk, and recommends SRI https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity to mitigate it. It provides the following hashes for use in the integrity attribute:

https://cdn.jsdelivr.net/npm/flatpickr
sha256-AkQap91tDcS4YyQaZY2VV34UhSCxu2bDEIgXXXuf5Hg=

https://unpkg.com/leaflet@1.7.1/dist/leaflet.js
sha256-yDc0eil8GjWFKqN1OSzHSVCiuGghTosZCcRje4tj7iQ=

https://cdn.jsdelivr.net/chartist.js/latest/chartist.min.js
sha256-UzffRueYhyZDw8Cj39UCnnggvBfa1fPcDQ0auvCbvCc=

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions