[wp-trac] [WordPress Trac] #33948: Implement subresource integrity (SRI)
WordPress Trac
noreply at wordpress.org
Thu Feb 15 18:10:37 UTC 2018
#33948: Implement subresource integrity (SRI)
-------------------------------------------------+-------------------------
Reporter: johnbillion | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting
Component: Script Loader | Review
Severity: normal | Version:
Keywords: dev-feedback needs-testing has- | Resolution:
patch | Focuses:
-------------------------------------------------+-------------------------
Comment (by Otto42):
+1
This would also be useful for plugins that include code from other
sevrices. We've recently had a case where a service had their javascript
changed to include coinhive mining code, ostensibly without their
knowledge. If wp_enqueue_script included the ability for their plugin to
define the integrity hash of that external JS, then the code would have
been blocked.
As it is, they can certainly change the plugin to output their own script
tag to include such a hash, but having this built into the scripts/styles
system would be very helpful.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33948#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list