diff options
| author | Markus Wüstenberg | 2024-06-06 09:23:55 +0200 |
|---|---|---|
| committer | GitHub | 2024-06-06 09:23:55 +0200 |
| commit | d944acd39fd6c987ea3cdd57c2cec525e918425e (patch) | |
| tree | cf9feed4255a60b6af2913814ef1d6cef09c0dc7 /html/elements.go | |
| parent | 5fa128bc8f245386539edf6002874aa4c2979ea6 (diff) | |
| parent | 600b6c34df94ad0917970669680629260394ce7d (diff) | |
| download | gomponents-d944acd39fd6c987ea3cdd57c2cec525e918425e.tar.lz gomponents-d944acd39fd6c987ea3cdd57c2cec525e918425e.tar.zst gomponents-d944acd39fd6c987ea3cdd57c2cec525e918425e.zip | |
Add script's `integrity` and `crossorigin` attributes (#173)
When using `<script>` to pull a library from a CDN, it's usually a good
idea to attach an integrity check so that if they get hacked and someone
changes all the script, malicious scripts don't get executed on your
website.
To achieve this, you need to attach `integrity` and `crossorigin` to
your `<script/>` tag
```go
Script(
Scr("https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/js/bootstrap.bundle.min.js"),
Integrity("sha384-ygbV9kiqUc6oa4msXn9868pTtWMgiQaeYH7/t7LECLbyPA2x65Kgf80OJFdroafW"),
CrossOrigin("anonymous"),
)
```
Turns into
```html
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/js/bootstrap.bundle.min.js"
integrity="sha384-ygbV9kiqUc6oa4msXn9868pTtWMgiQaeYH7/t7LECLbyPA2x65Kgf80OJFdroafW"
crossorigin="anonymous"></script>
```
Hint for whoever likes unpkg.com, adding `?meta` at the end of any
script you import form them will give you the current `integrity` for
the file. Example: https://unpkg.com/three@0.165.0/build/three.cjs?metaDiffstat (limited to 'html/elements.go')
0 files changed, 0 insertions, 0 deletions