我有一个通过CDN传递的js文件:
[[{"user":"1","nice":"0","sys":"1","CPU":"93","irq":"0"},
{"user":"1","nice":"0","sys":"1","CPU":"92","irq":"0"},
{"user":"1","nice":"0","sys":"1","CPU":"92","irq":"0"},
{"user":"1","nice":"0","sys":"1","CPU":"92","irq":"0"}],
[{"user":"0","nice":"0","sys":"0","CPU":"91","irq":"0"},
{"user":"0","nice":"0","sys":"1","CPU":"91","irq":"0"},
{"user":"1","nice":"0","sys":"0","CPU":"91","irq":"0"},
{"user":"0","nice":"0","sys":"0","CPU":"90","irq":"0"}]]
。
我目前正在HTML页面上使用此CDN,但是加载JavaScript的方法是使用JS动态创建它。
<table class="table table-striped mt-5">
<thead>
<tr>
<th scope="col">User</th>
<th scope="col">Nice</th>
<th scope="col">Sys</th>
<th scope="col">CPU</th>
<th scope="col">IRQ</th>
</tr>
</thead>
<tbody>
<tr *ngFor="let post of posts">
<td>{{post.user}}</td>
<td>{{post.nice}}</td>
<td>{{post.sys}}</td>
<td>{{post.CPU}}</td>
<td>{{post.irq}}</td>
</tr>
</tbody>
</table>
如何对我的JS文件进行哈希处理并将SRI / Hash值用于我动态生成的脚本标签的www.some-url-my-js.com属性?我的JS文件是云服务中存储桶中的对象。
我的一位同事建议向内联JS添加完整性检查,或者将CSP定位到此路径,或者将其添加到我们的CDN,但我不确定他在说什么。
https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
更新:我忘了提到我的CDN JS文件正在多个网站上使用,所以这是我需要通过npm脚本/事件侦听器等在JS文件本身内部执行的操作吗?在我动态创建的脚本标签中。
我需要类似于jQuery和Bootstrap为其CDN所做的事情。它们提供<script type="text/javascript">
var script = document.createElement('script')
var parent = document.body
script.addEventListener('load', () => {
window.chatInit(someSettings) //function from my JS file/CDN
})
script.src = 'www.some-url-my-js.com';
parent.appendChild(script)
</script>
值和integrity值。