Script Integrity Attribute should be added to | Webflow Wishlist

Script Integrity Attribute should be added to loaded scripts

JavaScript files loaded from another domain should be verified using the integrity attribute.

If the contents loaded from another domain is not verified the browser will execute the contents without verifying with a correct hash.

Farid Bonawiede
Jun 8 2021
Reviewed

Other

Comments (2)
Votes (7)

Post comment

Ross Newton commented

24 Apr 15:27

JavaScript files and CSS from Webflow should be verified with the integrity attribute as well. As like someone else said, Webflow websites will fail security reports due to a lack of integrity on the downloaded assets from Webflow (e.g. JS, CSS, etc.)

Attachments Open full size
Christian MOLINARI commented

September 26, 2023 16:27
I don't know if this task was not completed because of the low number of votes, but it would be nice if it were taken into consideration.
My customers ask me for regular security reports, my webflow site passes them at 99% it only needs this fix to pass at 100%.
De mon coté cela concerne tous les fichiers js suivant :
```
<script src="https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js" type="text/javascript"></script>
```
```
<script src="https://uploads-ssl.webflow.com/604637265ff6af53a0a489ea/js/webflow.b1dac7f20.js" type="text/javascript"></script>
```
Although the second must change with each deployment, I assume.
Attachments Open full size