Add script's `integrity` and `crossorigin` attributes (#173) When using `<script>` to pull a library from a CDN, it's usually a good idea to attach an integrity check so that if they get hacked and someone changes all the script, malicious scripts don't get executed on your website. To achieve this, you need to attach `integrity` and `crossorigin` to your `<script/>` tag ```go Script( Scr("https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/js/bootstrap.bundle.min.js"), Integrity("sha384-ygbV9kiqUc6oa4msXn9868pTtWMgiQaeYH7/t7LECLbyPA2x65Kgf80OJFdroafW"), CrossOrigin("anonymous"), ) ``` Turns into ```html <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/js/bootstrap.bundle.min.js" integrity="sha384-ygbV9kiqUc6oa4msXn9868pTtWMgiQaeYH7/t7LECLbyPA2x65Kgf80OJFdroafW" crossorigin="anonymous"></script> ``` Hint for whoever likes unpkg.com, adding `?meta` at the end of any script you import form them will give you the current `integrity` for the file. Example: https://unpkg.com/three@0.165.0/build/three.cjs?meta
1 file changed, 2 insertions(+), 0 deletions(-)
changed files
M html/attributes_test.go → html/attributes_test.go
@@ -47,12 +47,14 @@ "class": Class, "cols": Cols, "colspan": ColSpan, "content": Content, + "crossorigin": CrossOrigin, "enctype": EncType, "for": For, "form": FormAttr, "height": Height, "href": Href, "id": ID, + "integrity": Integrity, "lang": Lang, "loading": Loading, "max": Max,