Script Integrity – Frontend Masters Boost
July 9, 2024
There is a web platform feature that can help against a third party changing the code they are providing. It’s the integrity attribute on or elements (which are rel=”stylesheet”, rel=”preload”, or rel=”modulepreload”). It’s called “Subresource Integrity”, to name it correctly.
Linking to 3rd party source hosts is not uncommon. But introduces an attack vector for any site that does so. We may not be overly concerned about some such hosts, internet giants like Google, but the recent polyfill.io situation highlights the risks of sites changing hands.
There is a way to protect against such attacks, or at least mitigate their impact, Subresource Integrity, covered here (and as it happens by Stephen Rees-Carter at our recent Code conference).