all repos — gomponents @ d944acd39fd6c987ea3cdd57c2cec525e918425e

HTML components in pure Go

Add script's `integrity` and `crossorigin` attributes (#173) When using `<script>` to pull a library from a CDN, it's usually a good idea to attach an integrity check so that if they get hacked and someone changes all the script, malicious scripts don't get executed on your website. To achieve this, you need to attach `integrity` and `crossorigin` to your `<script/>` tag ```go Script( Scr("https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/js/bootstrap.bundle.min.js"), Integrity("sha384-ygbV9kiqUc6oa4msXn9868pTtWMgiQaeYH7/t7LECLbyPA2x65Kgf80OJFdroafW"), CrossOrigin("anonymous"), ) ``` Turns into ```html <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/js/bootstrap.bundle.min.js" integrity="sha384-ygbV9kiqUc6oa4msXn9868pTtWMgiQaeYH7/t7LECLbyPA2x65Kgf80OJFdroafW" crossorigin="anonymous"></script> ``` Hint for whoever likes unpkg.com, adding `?meta` at the end of any script you import form them will give you the current `integrity` for the file. Example: https://unpkg.com/three@0.165.0/build/three.cjs?meta

Markus Wüstenberg
commit

d944acd39fd6c987ea3cdd57c2cec525e918425e

parent

5fa128bc8f245386539edf6002874aa4c2979ea6

2 files changed, 10 insertions(+), 0 deletions(-)

changed files
M html/attributes.gohtml/attributes.go
@@ -24,6 +24,10 @@ func Controls() g.Node {
return g.Attr("controls") } +func CrossOrigin(v string) g.Node { + return g.Attr("crossorigin", v) +} + func Defer() g.Node { return g.Attr("defer") }
@@ -128,6 +132,10 @@ }
func ID(v string) g.Node { return g.Attr("id", v) +} + +func Integrity(v string) g.Node { + return g.Attr("integrity", v) } func Lang(v string) g.Node {
M html/attributes_test.gohtml/attributes_test.go
@@ -47,12 +47,14 @@ "class": Class,
"cols": Cols, "colspan": ColSpan, "content": Content, + "crossorigin": CrossOrigin, "enctype": EncType, "for": For, "form": FormAttr, "height": Height, "href": Href, "id": ID, + "integrity": Integrity, "lang": Lang, "loading": Loading, "max": Max,