From d1da39b34b4ae8d1123d0f2581ab8ca6efc73f6c Mon Sep 17 00:00:00 2001
From: Tony Ho
Date: Sat, 28 Jan 2017 10:19:00 +1100
Subject: [PATCH] Add Subresource Integrity (SRI) support (#164)
---
README.md | 4 ++--
_includes/ext-css.html | 7 +++++++
_includes/ext-js.html | 7 +++++++
_includes/footer-scripts.html | 4 ++--
_includes/head.html | 4 ++--
5 files changed, 20 insertions(+), 6 deletions(-)
create mode 100644 _includes/ext-css.html
create mode 100644 _includes/ext-js.html
diff --git a/README.md b/README.md
index d29777b..f3d4f1c 100644
--- a/README.md
+++ b/README.md
@@ -143,9 +143,9 @@ social-share | If you don't want to show buttons to share a blog post on social use-site-title | If you want to use the site title rather than page title as HTML document title (ie. browser tab title), use `use-site-title: true`. When set, the document title will take the format `Site Title - Site Description` (eg. `My website - A virtual proof that name is awesome!`). By default, it will use `Page Title` if it exists, or `Site Title` otherwise. layout | What type of page this is (default is `blog` for blog posts and `page` for other pages. You can use `minimal` if you don't want a header and footer) js | List of local JavaScript files to include in the page (eg. `/js/mypage.js`) -ext-js | List of external JavaScript files to include in the page (eg. `//cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.2/underscore-min.js`) +ext-js | List of external JavaScript files to include in the page (eg. `//cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.2/underscore-min.js`). External JavaScript files that support [Subresource Integrity (SRI)](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) can be specified using the `href` and `sri` parameters eg.
`href: "//code.jquery.com/jquery-3.1.1.min.js"`
`sri: "sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8="` css | List of local CSS files to include in the page -ex-css | List of external CSS files to include in the page +ext-css | List of external CSS files to include in the page. External CSS files using SRI (see `ext-js` parameter) are also supported. googlefonts | List of Google fonts to include in the page (eg. `["Monoton", "Lobster"]`) ### Advanced features (including how to use a custom URL address for your site)
diff --git a/_includes/ext-css.html b/_includes/ext-css.html
new file mode 100644
index 0000000..9e2f522
--- /dev/null
+++ b/_includes/ext-css.html
@@ -0,0 +1,7 @@
+{% if include.css.sri %}
+
+{% elsif include.css.href %}
+
+{% else %}
+
+{% endif %}
\ No newline at end of file
diff --git a/_includes/ext-js.html b/_includes/ext-js.html
new file mode 100644
index 0000000..3738ef2
--- /dev/null
+++ b/_includes/ext-js.html
@@ -0,0 +1,7 @@
+{% if include.js.sri %}
+
+{% elsif include.js.href %}
+
+{% else %}
+
+{% endif %}
diff --git a/_includes/footer-scripts.html b/_includes/footer-scripts.html
index 8c57857..5ad0cb1 100644
--- a/_includes/footer-scripts.html
+++ b/_includes/footer-scripts.html
@@ -1,12 +1,12 @@ {% if layout.common-ext-js %} {% for js in layout.common-ext-js %} - + {% include ext-js.html js=js %} {% endfor %} {% endif %} {% if page.ext-js %} {% for js in page.ext-js %} - + {% include ext-js.html js=js %} {% endfor %} {% endif %}
diff --git a/_includes/head.html b/_includes/head.html
index fa6d633..fad8f4b 100644
--- a/_includes/head.html
+++ b/_includes/head.html
@@ -17,7 +17,7 @@ {% if layout.common-ext-css %} {% for css in layout.common-ext-css %} - + {% include ext-css.html css=css %} {% endfor %} {% endif %}
@@ -35,7 +35,7 @@ {% if page.ext-css %} {% for css in page.ext-css %} - + {% include ext-css.html css=css %} {% endfor %} {% endif %}
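Review bot: The first branch of the new `_includes/ext-css.html` tests only `{% if include.css.sri %}` (likewise `{% if include.js.sri %}` in `_includes/ext-js.html`), so an entry that sets `sri` but omits `href` is treated as a complete SRI entry; testing both, `{% if include.css.href and include.css.sri %}`, would make the branch match only entries that carry a URL and a hash together. The tag markup inside the three branches is not visible in this rendering of the patch, so it is worth confirming that the SRI branch emits `crossorigin="anonymous"` next to `integrity`, since a cross-origin file requested without CORS fails the integrity check and is blocked rather than verified. The `elsif` and `else` branches keep loading external files with no hash, which makes integrity opt-in per entry; a short `{% comment %}` at the top of each include listing the three accepted shapes (plain URL string, `href` only, `href` plus `sri`) would document that. `_includes/ext-css.html` also ends without a trailing newline while `_includes/ext-js.html` has one.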