Subresource Integrity

From Infogalactic: the planetary knowledge core

Jump to: navigation, search

Subresource Integrity or SRI is a W3C recommendation to provide a method to protect website delivery. Specifically, it validates assets served by a third party, such as a content delivery network (CDN). This ensures these assets have not been compromised for hostile purposes.

To use SRI, a website author wishing to include a resource from a third party can specify a cryptographic hash of the resource in addition to the location of the resource. Browsers fetching the resource can then compare the hash provided by the website author with the hash computed from the resource. If the hashes don't match, the resource is discarded.^[1]

As of April 2016, SRI is supported by Firefox, Chrome, and Opera.^[2]

Sample link element with integrity attribute used by SRI:

<link rel="stylesheet" href="https://cdn.example.com/style.css"
     integrity="sha384-+/M6kredJcxdsqkczBUjMLvqyHb1K/JThDXWsBVxMEeZHEaMKEOEct339VItX1zB">

References

↑ Lua error in package.lua at line 80: module 'strict' not found.
↑ Lua error in package.lua at line 80: module 'strict' not found.

External links

World Wide Web Consortium (W3C)

Products and
standards

Recommendations	ARIA Canonical XML CDF CSS DOM Geolocation API HTML (HTML5) ITS MathML OWL P3P PLS RDF RDF Schema SISR SKOS SMIL SOAP SRGS SRI SSML SVG SCXML SPARQL Timed text VoiceXML Web storage WSDL XForms XHTML XHTML+RDFa XInclude XLink XML XML Base XML Encryption XML Events XML Information Set XML namespace XML Schema XML Signature XOP XPath XPath 2.0 XPointer XProc XQuery XSL XSL-FO XSLT (elements)
Notes	XAdES XHTML+SMIL XUP
Working drafts	CCXML CURIE EME InkML JSON-LD MSE RIF SMIL Timesheets sXBL WICD XFDL XFrames XBL XMLHttpRequest
Guidelines	Web Content Accessibility Guidelines
Initiative	Multimodal Interaction Activity (MMI) Markup Validation Service Web Accessibility Initiative WebPlatform
Deprecated	C-HTML HDML JSSS PGML VML XHTML+MathML+SVG

Organizations

Advisory Committee (AC) World Wide Web Foundation
Elected groups	Advisory Board (AB) Technical Architecture Group (TAG)
Working groups	CSS HTML Geolocation Social Web SVG Web Hypertext Application Technology (WHATWG) Web Platform
Closed groups	Device Description (DDWG) WebOnt (Semantic Web Activity)

Software

CERN httpd Libwww
Browsers	Line Mode (1990–) Arena (1993–98) Agora (1994–97) Argo (1994–97) Amaya (browser/editor, 1996–2012)

Conferences

International World Wide Web Conference (IW3C)
- Steering Committee (IW3C2)
- First conference ("WWW1", 1994)

Retrieved from "https://infogalactic.com/w/index.php?title=Subresource_Integrity&oldid=716698740"

Categories:

Hidden category:

Pages with script errors

Subresource Integrity

References

External links

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools