Add script's `integrity` and `crossorigin` attributes (#173)

When using `<script>` to pull a library from a CDN, it's usually a good idea to attach an integrity check so that if they get hacked and someone changes all the script, malicious scripts don't get executed on your website.

To achieve this, you need to attach `integrity` and `crossorigin` to your `<script/>` tag

```go
Script(
	Src("https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/js/bootstrap.bundle.min.js"),
	Integrity("sha384-ygbV9kiqUc6oa4msXn9868pTtWMgiQaeYH7/t7LECLbyPA2x65Kgf80OJFdroafW"),
	CrossOrigin("anonymous"),
)
```

Turns into

```html
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/js/bootstrap.bundle.min.js" integrity="sha384-ygbV9kiqUc6oa4msXn9868pTtWMgiQaeYH7/t7LECLbyPA2x65Kgf80OJFdroafW" crossorigin="anonymous"></script>
```

Hint for whoever likes unpkg.com, adding `?meta` at the end of any script you import from them will give you the current `integrity` for the file. Example: https://unpkg.com/three@0.165.0/build/three.cjs?meta
Markus Wüstenberg markus@maragu.dk
Thu, 06 Jun 2024 09:23:55 +0200
2 files changed, 10 insertions(+), 0 deletions(-)
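The value passed to `Integrity` can be computed and checked locally before it is pinned, rather than copied from a third party. The following is an added example, not part of the commit or of the project's code; `sriAlgs`, `SRI` and `Verify` are hypothetical names, the sample body is constructed, and `Verify` is assumed to fail closed when no recognised hash is listed.

```go
package main

import (
	"crypto/sha256"
	"crypto/sha512"
	"encoding/base64"
	"fmt"
	"hash"
	"strings"
)

// sriAlgs lists the SRI hash tokens with a strength rank (higher is stronger).
var sriAlgs = map[string]struct {
	rank    int
	newHash func() hash.Hash
}{
	"sha256": {1, sha256.New},
	"sha384": {2, sha512.New384},
	"sha512": {3, sha512.New},
}

// SRI returns the integrity attribute value ("<alg>-<base64 digest>") for body.
func SRI(alg string, body []byte) (string, error) {
	a, ok := sriAlgs[alg]
	if !ok {
		return "", fmt.Errorf("unsupported SRI algorithm %q", alg)
	}
	h := a.newHash()
	h.Write(body)
	return alg + "-" + base64.StdEncoding.EncodeToString(h.Sum(nil)), nil
}

// Verify reports whether body matches a pinned integrity value. Only hashes of the
// strongest listed algorithm count, so a weaker match cannot rescue a stronger miss.
func Verify(integrity string, body []byte) bool {
	best, match := 0, false
	for _, tok := range strings.Fields(integrity) {
		alg, _, _ := strings.Cut(tok, "-")
		rank := sriAlgs[alg].rank // 0 for unknown tokens, which are skipped
		if want, _ := SRI(alg, body); rank > 0 && rank >= best {
			match = want == tok || (rank == best && match)
			best = rank
		}
	}
	return match
}

func main() {
	fmt.Println(SRI("sha384", []byte("constructed sample body")))
}
```

Running `Verify` against the downloaded file in CI catches a pinned hash that no longer matches the version referenced in `Src`.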
M html/attributes.go → html/attributes.go
@@ -24,6 +24,10 @@ func Controls() g.Node { return g.Attr("controls") } +func CrossOrigin(v string) g.Node { + return g.Attr("crossorigin", v) +} + func Defer() g.Node { return g.Attr("defer") } @@ -128,6 +132,10 @@ } func ID(v string) g.Node { return g.Attr("id", v) +} + +func Integrity(v string) g.Node { + return g.Attr("integrity", v) } func Lang(v string) g.Node {
M html/attributes_test.go → html/attributes_test.go
@@ -47,12 +47,14 @@ "class": Class, "cols": Cols, "colspan": ColSpan, "content": Content, + "crossorigin": CrossOrigin, "enctype": EncType, "for": For, "form": FormAttr, "height": Height, "href": Href, "id": ID, + "integrity": Integrity, "lang": Lang, "loading": Loading, "max": Max,
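Review bot: `CrossOrigin(v string)` in html/attributes.go passes any string straight to `g.Attr("crossorigin", v)` and has no doc comment naming the accepted keywords. The attribute only recognises `anonymous` and `use-credentials`, and browsers treat an unrecognised value as `anonymous`, so a misspelled `use-credentials` changes the credentials mode without any error. A one-line doc comment on the function listing the two keywords would make that visible at the call site.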
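Review bot: `Integrity(v string)` in html/attributes.go is added without a doc comment, and nothing tells the caller that it needs `CrossOrigin` alongside it for scripts loaded from another origin. With `integrity` set and no `crossorigin`, the browser cannot read the cross-origin response to hash it and refuses to run the script, which is easy to hit when only one of the two helpers is used. Suggest a short comment on `Integrity` stating the expected `sha384-...` style value and pointing to `CrossOrigin`.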