stenciljs/core

feat: add possibility for security SRI/integrity attribute

Open

#6.132 aberto em 30 de jan. de 2025

Ver no GitHub
 (1 comment) (0 reactions) (0 assignees)TypeScript (844 forks)auto 404
Help Wanted

Métricas do repositório

Stars
 (13.111 stars)
Métricas de merge de PR
 (Métricas PR pendentes)

Description

Prerequisites

Describe the Feature Request

If providing stencil component files via a CDN its recommended to load them with an integrity attribute: https://www.w3schools.com/tags/att_script_integrity.asp

This is easily possible for stencil's loader file. But this file loads other scripts without the possibility of adding a integrity hash.

Describe the Use Case

A big design system is providing stencil components via a CDN and consumers wanted to use this security technique.

Describe Preferred Solution

  • consumer just needs to add the SRI "manually" to the loader file request (consumer know the hash)
  • loading of all other files could be extended by the hashes of each file by stencil internal loading logic
  • those hashes could be generated at build time and baked into the loader file (because the browser can trust the value of the loader file)

Describe Alternatives

There are a lot of alternatives. Maybe the consumer can create itself the hashes of loaded files and provide them to the stencil loader.

Related Code

No response

Additional Information

No response

Guia do colaborador