javascript - Is it possible to use subresource integrity with ES6 module imports?

Question

Welcome To Ask or Share your Answers For Others

javascript - Is it possible to use subresource integrity with ES6 module imports?

posted Oct 17, 2021 in Technique[技术] by 深蓝 (71.8m points)

javascript - Is it possible to use subresource integrity with ES6 module imports?

Given code like this:

import { el, mount } from 'https://unpkg.com/[email protected]/dist/redom.es.js';

is there some way to enable subresource integrity verification to ensure that the CDN asset returns the expected content?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-17T02:57:58+0000

You have to also define the module via

<script type="module" integrity="..." src="https://unpkg.com/[email protected]/dist/redom.es.js">

What you're asking specifically requires changes to ECMAScript itself and currently there's not even a proposal for it, so I don't expect it to appear anytime soon.

However in the case of UNPKG, if you trust UNPKG and Cloudflare not to mess with the content, you're fine. Neither npm nor the package author can modify the file as long as you specify the version.

Categories

javascript - Is it possible to use subresource integrity with ES6 module imports?

javascript - Is it possible to use subresource integrity with ES6 module imports?

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags