Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Importmap integrity section #33712

Merged
merged 15 commits into from
May 31, 2024
Merged

Importmap integrity section #33712

Changes from 1 commit
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
50f30bd
Importmap integrity section
yoavweiss May 22, 2024
736dd3d
remove whitespace
yoavweiss May 22, 2024
d163fe8
Extra newline
yoavweiss May 22, 2024
29b5724
Merge branch 'main' into main
chrisdavidmills May 22, 2024
7e84a19
s/the/this/
yoavweiss May 22, 2024
6630d03
Better phrasing
yoavweiss May 22, 2024
d769d50
Better phrasing
yoavweiss May 22, 2024
5b72c9e
Update files/en-us/web/html/element/script/type/importmap/index.md
yoavweiss May 22, 2024
494a458
Update files/en-us/web/html/element/script/type/importmap/index.md
yoavweiss May 22, 2024
1f23dd8
Update files/en-us/web/html/element/script/type/importmap/index.md
yoavweiss May 22, 2024
b27952e
Update files/en-us/web/html/element/script/type/importmap/index.md
yoavweiss May 22, 2024
4cff068
rebase
yoavweiss May 22, 2024
013357c
Merge branch 'main' into main
chrisdavidmills May 22, 2024
212889d
Couple of small structure and plurality fixes
chrisdavidmills May 22, 2024
3ef14f2
Another small fix
chrisdavidmills May 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 33 additions & 0 deletions files/en-us/web/html/element/script/type/importmap/index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -145,6 +145,29 @@ For example, the map below will only use the scoped map if the loading module ha
If multiple scopes match the referrer URL, then the most specific scope path is used (the scope key name with the longest name).
The browser falls back to the next most specific scoped path if there is no matching specifier, and so on, eventually falling back to the module specifier map in the `imports` key.

### Integrity metadata map
You can use the `integrity` key to provide mapping for module [integrity metadata](/en-US/docs/Web/Security/Subresource_Integrity#using_subresource_integrity).
yoavweiss marked this conversation as resolved.
Show resolved Hide resolved
The enables you to ensure the integrity of dynamically or statically imported modules.
yoavweiss marked this conversation as resolved.
Show resolved Hide resolved
It also enables you to provide a fallback to top-level modules or preloaded ones, in case they don't already include an "integrity" attribute.
yoavweiss marked this conversation as resolved.
Show resolved Hide resolved

The keys of the map represent a module URL (either an absolute one or a relative one that starts with `/`, `./`, or `../`).
yoavweiss marked this conversation as resolved.
Show resolved Hide resolved
The values of the map represent integrity metadata, identical to what one would use as an "integrity" attribute value.
yoavweiss marked this conversation as resolved.
Show resolved Hide resolved

For example, the map below defines integrity metadata to the square.js module, and transitively (through the `imports` key) to its bare specifier.
yoavweiss marked this conversation as resolved.
Show resolved Hide resolved

```html
<script type="importmap">
{
"imports": {
"square": "./module/shapes/square.js"
},
"integrity": {
"./module/shapes/square.js": "sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
}
}
</script>
```

## Import map JSON representation

The following is a "formal" definition of the import map JSON representation.
Expand Down Expand Up @@ -181,6 +204,16 @@ The import map must be a valid JSON object that can define at most two optional

Note that the scope does not change how an address is resolved; relative addresses are always resolved to the import map base URL.

- `integrity` {{optional_inline}}

- : Integrity defines a valid JSON object where the _keys_ are strings, defining either a valid absolute URL or a valid URL string that starts with `/`, `./`, or `../`,
yoavweiss marked this conversation as resolved.
Show resolved Hide resolved
and the corresponding _values_ are valid [integrity metadata](/en-US/docs/Web/Security/Subresource_Integrity#using_subresource_integrity).
yoavweiss marked this conversation as resolved.
Show resolved Hide resolved

The integrity object is a valid JSON object, mapping URLs to integrity metadata.
yoavweiss marked this conversation as resolved.
Show resolved Hide resolved

If the URL of a script importing or preloading a module matches a key in the integrity object, the corresponding integrity metadata is applied to the script's fetch options,
yoavweiss marked this conversation as resolved.
Show resolved Hide resolved
unless they already have integrity metadata attached to them.

## Specifications

{{Specifications}}
Expand Down
Loading