Add script's `integrity` and `crossorigin` attributes (#173) When using `<script>` to pull a library from a CDN, it's usually a good idea to attach an integrity check so that if they get hacked and someone changes all the script, malicious scripts don't get executed on your website. To achieve this, you need to attach `integrity` and `crossorigin` to your `<script/>` tag ```go Script( Scr("https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/js/bootstrap.bundle.min.js"), Integrity("sha384-ygbV9kiqUc6oa4msXn9868pTtWMgiQaeYH7/t7LECLbyPA2x65Kgf80OJFdroafW"), CrossOrigin("anonymous"), ) ``` Turns into ```html <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/js/bootstrap.bundle.min.js" integrity="sha384-ygbV9kiqUc6oa4msXn9868pTtWMgiQaeYH7/t7LECLbyPA2x65Kgf80OJFdroafW" crossorigin="anonymous"></script> ``` Hint for whoever likes unpkg.com, adding `?meta` at the end of any script you import form them will give you the current `integrity` for the file. Example: https://unpkg.com/three@0.165.0/build/three.cjs?meta
2 files changed, 10 insertions(+), 0 deletions(-)
changed files
M html/attributes.go → html/attributes.go
@@ -24,6 +24,10 @@ func Controls() g.Node { return g.Attr("controls") } +func CrossOrigin(v string) g.Node { + return g.Attr("crossorigin", v) +} + func Defer() g.Node { return g.Attr("defer") }@@ -128,6 +132,10 @@ } func ID(v string) g.Node { return g.Attr("id", v) +} + +func Integrity(v string) g.Node { + return g.Attr("integrity", v) } func Lang(v string) g.Node {
M html/attributes_test.go → html/attributes_test.go
@@ -47,12 +47,14 @@ "class": Class, "cols": Cols, "colspan": ColSpan, "content": Content, + "crossorigin": CrossOrigin, "enctype": EncType, "for": For, "form": FormAttr, "height": Height, "href": Href, "id": ID, + "integrity": Integrity, "lang": Lang, "loading": Loading, "max": Max,