Brent Keller

Subresource integrity hashes

Today I learned about the integrity attribute for <script> and <link> tags. This attribute is used to ensure you're getting what you expect from a referenced resource, like a script from a CDN. This is a really good idea when referencing specific versioned files from a CDN to make sure that a malicious actor hasn't replaced that resource with something else.

You can find more info on the MDN site: Subresource Integrity

There's a handy online tool to help calculate the integrity hash for a resource's URL:

Example usage of the integrity attribute: