In Sitevision 2022.08.1 there is an option to add SRI checks to external CSS and Javascript resources.
When you create your external CSS or Javascript addon (typically in i Template) you can now add the integrity checksum and select the crossorigin value.
Sitevision will add the integrity checksum and the crossorigin to the page source code (if the source is external).
Example html output:
<!-- HTML -->
<script src="https://myfavoritecdn.com/myexternallibrary-min.js"
integrity="sha256-u7e5khyithlIdTpu22PHhENmPcRdFiHRjhAuHcs05RI="
crossorigin="anonymous">
</script>
Checksum integrity matters
The client browser will calculate a checksum of the downloaded resource and compare it to the value of the integrity attribute. If the checksums doesn't match, the browser will reject and completely ignore the resource. I.e. the script/CSS will not be applied at all by the browser (page will typically look unexpected and/or lack expected functionality).
Do you want to subscribe to News from Sitevision Developer team? Subscribe here!