diff options
| author | Markus Wüstenberg | 2024-06-06 09:23:55 +0200 |
|---|---|---|
| committer | GitHub | 2024-06-06 09:23:55 +0200 |
| commit | d944acd39fd6c987ea3cdd57c2cec525e918425e (patch) | |
| tree | cf9feed4255a60b6af2913814ef1d6cef09c0dc7 | |
| parent | 5fa128bc8f245386539edf6002874aa4c2979ea6 (diff) | |
| parent | 600b6c34df94ad0917970669680629260394ce7d (diff) | |
| download | gomponents-d944acd39fd6c987ea3cdd57c2cec525e918425e.tar.lz gomponents-d944acd39fd6c987ea3cdd57c2cec525e918425e.tar.zst gomponents-d944acd39fd6c987ea3cdd57c2cec525e918425e.zip | |
Add script's `integrity` and `crossorigin` attributes (#173)
When using `<script>` to pull a library from a CDN, it's usually a good
idea to attach an integrity check so that if they get hacked and someone
changes all the script, malicious scripts don't get executed on your
website.
To achieve this, you need to attach `integrity` and `crossorigin` to
your `<script/>` tag
```go
Script(
Scr("https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/js/bootstrap.bundle.min.js"),
Integrity("sha384-ygbV9kiqUc6oa4msXn9868pTtWMgiQaeYH7/t7LECLbyPA2x65Kgf80OJFdroafW"),
CrossOrigin("anonymous"),
)
```
Turns into
```html
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/js/bootstrap.bundle.min.js"
integrity="sha384-ygbV9kiqUc6oa4msXn9868pTtWMgiQaeYH7/t7LECLbyPA2x65Kgf80OJFdroafW"
crossorigin="anonymous"></script>
```
Hint for whoever likes unpkg.com, adding `?meta` at the end of any
script you import form them will give you the current `integrity` for
the file. Example: https://unpkg.com/three@0.165.0/build/three.cjs?meta| -rw-r--r-- | html/attributes.go | 8 | ||||
| -rw-r--r-- | html/attributes_test.go | 2 |
2 files changed, 10 insertions, 0 deletions
diff --git a/html/attributes.go b/html/attributes.go index b38dd95..8988ab3 100644 --- a/html/attributes.go +++ b/html/attributes.go @@ -24,6 +24,10 @@ func Controls() g.Node { return g.Attr("controls") } +func CrossOrigin(v string) g.Node { + return g.Attr("crossorigin", v) +} + func Defer() g.Node { return g.Attr("defer") } @@ -130,6 +134,10 @@ func ID(v string) g.Node { return g.Attr("id", v) } +func Integrity(v string) g.Node { + return g.Attr("integrity", v) +} + func Lang(v string) g.Node { return g.Attr("lang", v) } diff --git a/html/attributes_test.go b/html/attributes_test.go index bcb6daf..1478b61 100644 --- a/html/attributes_test.go +++ b/html/attributes_test.go @@ -47,12 +47,14 @@ func TestSimpleAttributes(t *testing.T) { "cols": Cols, "colspan": ColSpan, "content": Content, + "crossorigin": CrossOrigin, "enctype": EncType, "for": For, "form": FormAttr, "height": Height, "href": Href, "id": ID, + "integrity": Integrity, "lang": Lang, "loading": Loading, "max": Max, |