Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update add_sri.js #3124

Closed
wants to merge 1 commit into from
Closed

Update add_sri.js #3124

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 39 additions & 29 deletions frontend-bundler/add_sri.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,37 +1,47 @@
// Go through all the CSS/JS imports in an HTML file, and add SRI attributes. More info here:
// https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity#examples
const path = require("path");
const fs = require("fs/promises");
const posthtml = require("posthtml");
const posthtmlSri = require("posthtml-sri");
const posthtmlCrossorigin = require("@plutojl/posthtml-crossorigin");

// I really really tried to do this using a parcel plugin but it's "not possible". So right now this is just a separate script that you run with the html filenames as arguments.

let path = require("path")
let fs = require("fs/promises")
let posthtml = require("posthtml")
let posthtmlSri = require("posthtml-sri")
let posthtmlCrossorigin = require("@plutojl/posthtml-crossorigin")
// Main function to process HTML files
const processHtmlFiles = async () => {
// Check if arguments are provided
if (process.argv.length < 3) {
console.error("❌ Please provide at least one HTML file as an argument.");
process.exit(1);
}

let f = async () => {
// Read file given as command line arugment
for (let i = 2; i < process.argv.length; i++) {
let file = process.argv[i]
let contents = await fs.readFile(file, "utf8")
const file = process.argv[i];

try {
console.log(`🔄 Processing: ${file}`);
// Read the HTML file
const contents = await fs.readFile(file, "utf8");

const plugins = [
posthtmlSri({
algorithms: ["sha384"],
basePath: path.dirname(file),
}),
posthtmlCrossorigin({
value: () => "anonymous",
}),
]
// Configure plugins for SRI and crossorigin attributes
const plugins = [
posthtmlSri({
algorithms: ["sha384"], // Recommended SRI algorithm
basePath: path.dirname(file),
}),
posthtmlCrossorigin({
value: () => "anonymous", // Set crossorigin="anonymous"
}),
];

const result = await posthtml(plugins).process(contents)
// console.log(result)
// Process the file using PostHTML and plugins
const result = await posthtml(plugins).process(contents);

// Write to file
await fs.writeFile(file, result.html)
console.log("✅ SRI added to ", file)
// Write the modified HTML back to the file
await fs.writeFile(file, result.html, "utf8");
console.log(`✅ SRI and crossorigin added to: ${file}`);
} catch (error) {
console.error(`❌ Error processing ${file}:`, error.message);
}
}
}
};

f()
// Execute the function
processHtmlFiles();
Loading