This repository has been archived by the owner on Apr 5, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 35
/
index.html
100 lines (88 loc) · 4.74 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
{{! This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at https://mozilla.org/MPL/2.0/. }}
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="Generate Subresource Integrity (SRI) attributes, easily and fast">
<title>{{title}}</title>
<link rel="canonical" href="https://www.srihash.org/">
<link rel="stylesheet" href="/style.css" integrity="{{sri './public/style.css'}}">
<link rel="stylesheet" href="/badge/badge.css" integrity="{{sri './public/badge/badge.css'}}">
<link rel="stylesheet" href="/badge/will-pass.css">
<link rel="stylesheet" href="/badge/must-fail.css" integrity="sha384-INVALIDHASH">
<link rel="apple-touch-icon" href="/favicons/apple-touch-icon.png" sizes="180x180">
<link rel="icon" href="/favicons/favicon-32x32.png" sizes="32x32" type="image/png">
<link rel="icon" href="/favicons/favicon-16x16.png" sizes="16x16" type="image/png">
<link rel="manifest" href="/favicons/manifest.json">
<link rel="mask-icon" href="/favicons/safari-pinned-tab.svg" color="#333333">
<link rel="shortcut icon" href="/favicons/favicon.ico">
<meta name="apple-mobile-web-app-title" content="SRI Hash Generator">
<meta name="application-name" content="SRI Hash Generator">
<meta name="msapplication-TileColor" content="#333333">
<meta name="msapplication-config" content="/favicons/browserconfig.xml">
<meta name="theme-color" content="#333333">
</head>
<body>
<!-- Nav -->
<nav>
<a href="#about">About</a>
<a href="#app">Hash Generator</a>
<br class="clear">
</nav>
<!-- Banner -->
<div id="app" class="container">
<div class="container" id="sriAppContainer">
{{! section to be replaced with react app }}
<div id="sriApp">
<h1>SRI Hash Generator</h1>
<label for="url">Enter the URL of the resource you wish to use:</label>
<form method="POST" action="/hash" target="sriSnippet">
<input id="url" name="url" type="url" value="" placeholder="Resource URL" required autofocus>
<input name="algorithms" type="hidden" value="sha384">
<input type="submit" value="Hash!">
</form>
<iframe id="sriSnippet" name="sriSnippet" sandbox="allow-same-origin" title="SRI Hash"></iframe>
</div>
{{! end section }}
</div>
</div>
<!-- About -->
<section id="about" class="container">
<h2>What is Subresource Integrity?</h2>
<p>SRI is a new <a href="https://www.w3.org/TR/SRI/">W3C specification</a> that allows web developers to ensure that resources hosted on third-party servers have not been tampered with. Use of SRI is recommended as a best-practice, whenever libraries are loaded from a third-party source.</p>
<p>Learn more about <a href="https://developer.mozilla.org/docs/Web/Security/Subresource_Integrity">how to use subresource integrity</a> on MDN.</p>
<hr>
<h2>How is Subresource Integrity different to HTTPS?</h2>
<p>TLS ensures that the connection between the browser and the server is secure. The resource itself may still be modified server-side by an attacker to include malicious content, yet still be served with a valid TLS certificate. SRI, on the other hand, guarantees that a resource hasn't changed since it was hashed by a web author.</p>
<hr>
<h2>How can I generate Integrity hashes?</h2>
<p>Use the generator above or the following shell command:<br>
<code>
openssl dgst -sha384 -binary <strong>FILENAME.js</strong> | openssl base64 -A
</code>
</p>
<hr>
<h2>Test your browser</h2>
<p>Check out <a href="https://caniuse.com/#feat=subresource-integrity">SRI on caniuse.com</a> to see specific browser version support information.</p>
<p>To fully test your browser for subresource integrity support, please open <a href="https://w3c-test.org/subresource-integrity/subresource-integrity.sub.html">this page</a>.</p>
<div class="sri-test" id="sri-badge">
<div data-sri-status="pass">
{{> pass}}
<p>Your browser supports SRI</p>
</div>
<div data-sri-status="fail">
{{> fail}}
<p>Your browser does not support SRI</p>
</div>
</div>
</section>
<hr>
<!-- Footer -->
<footer class="container">
The code behind this service is hosted on <a href="https://github.com/mozilla/srihash.org">GitHub</a> and is licensed under the <a href="https://www.mozilla.org/MPL/2.0/">Mozilla Public License 2.0</a>.
</footer>
</body>
</html>