Ian Purton

Reputation: 15891

How to check the integrity of loaded Javascript code

I run a Bitcoin wallet that uses browser side Javascript to encrypt and decrypt Bitcoin keys.

I want to make the javascript available for scrutiny on Github, and then load the javascript from the github repository.

My problem is I need to check the integrity of the loaded Javascript to ensure it hasn't been tampered with at Github.

How can I best do this? Would it be something like:

  1. Load remote Javascript with an ajax call.
  2. MD5 hash and compare.
  3. If in good shape execute it.

Upvotes: 7

Views: 6576

Answers (1)

DmitryK

Reputation: 5582

There is (or soon WILL be) an elegant way to achieve this now (2 years after the question was asked).

http://www.w3.org/TR/SRI/

You can now specify the "integrity" parameter inside the script tag:

<script src="https://github.com/<path>/yourscript.js"
        integrity="sha256-SDf......"
        crossorigin="anonymous"></script>

This won't work for scripts loaded via AJAX requests. But you can potentially reference scripts as script tags pointing at the CDN (ideally not at github directly).

Upvotes: 6
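
An added example, not part of the answer above: Node.js code (an assumed runtime) that produces the value for the `integrity` attribute and applies the same check by hand to fetched bytes, as the question's hash-and-compare step would, using the SHA-2 hashes SRI defines instead of MD5. The function names and the sample script bytes are constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

// Hash functions SRI accepts, weakest to strongest (MD5 is not one of them).
const SRI_ALGORITHMS = ['sha256', 'sha384', 'sha512'];
const rank = (algorithm) => SRI_ALGORITHMS.indexOf(algorithm);

// Build an integrity attribute value from the script's exact bytes.
function sriDigest(body, algorithm = 'sha384') {
  if (rank(algorithm) < 0) throw new Error(`unsupported SRI algorithm: ${algorithm}`);
  const digest = nodeCrypto.createHash(algorithm).update(body).digest('base64');
  return `${algorithm}-${digest}`;
}

// Check fetched bytes against an integrity value before they are executed.
// As in SRI, only the strongest algorithm listed counts, and any one matching
// digest for that algorithm is enough.
function verifyIntegrity(body, integrity) {
  const entries = integrity.trim().split(/\s+/)
    .map((token) => /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(token))
    .filter(Boolean)
    .map((m) => ({ algorithm: m[1], digest: Buffer.from(m[2], 'base64') }));
  // Unlike a browser, which ignores an unusable value, this check fails closed.
  if (entries.length === 0) return false;
  const strongest = entries.reduce((a, b) => (rank(b.algorithm) > rank(a.algorithm) ? b : a));
  const actual = nodeCrypto.createHash(strongest.algorithm).update(body).digest();
  return entries
    .filter((e) => e.algorithm === strongest.algorithm)
    .some((e) => e.digest.equals(actual));
}

// Constructed sample inputs: a reviewed script and a modified copy of it.
const REVIEWED = Buffer.from('function decryptKey(k) { return k; } // constructed sample\n');
const TAMPERED = Buffer.from('function decryptKey(k) { return k + 1; } // constructed sample\n');

function demo() {
  const pinned = sriDigest(REVIEWED); // value to put in the integrity attribute
  return {
    pinned,
    reviewedPasses: verifyIntegrity(REVIEWED, pinned),
    tamperedPasses: verifyIntegrity(TAMPERED, pinned),
  };
}

console.log(demo());
```

The pinned value has to reach the browser from an origin you control; a digest fetched from the same place as the script proves nothing.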
