Protecting your ASP.NET applications with SRI: Subresource Integrity
Posted: (EET/GMT+2)
Web applications today are heavily focused on front-end logic, and you cannot run modern JavaScript applications without external scripts. In ASP.NET web applications, there are many ways to work with external JavaScript files, such as the classic HTML script tag.
However, the more external scripts you load, the greater the chance that someone has tampered with one of them. To counter this, there's an emerging standard called Subresource Integrity, or SRI. It is a W3C standard proposal.
You can already use this standard in ASP.NET applications, and support is coming to Microsoft Edge.
Here is an example of the "integrity" attribute on an HTML script tag:
<script src="https://example.com/example-framework.js"
integrity="sha384-Li9vy3DqF8tnTXuiaAJuML3ky+er10rcgNR/VqsVpcw+ThHmYcwiB1pbOxEbzJr7"
crossorigin="anonymous"></script>
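To show where such a value comes from and how it is checked, here is an added Node.js example (not code from the original post). The function names `sriHash` and `checkIntegrity` and the sample script body are constructed for illustration; the check follows the SRI rule that only hashes of the strongest listed algorithm are compared.

```javascript
const { createHash } = require("node:crypto");

// Hash algorithms defined for SRI, weakest to strongest.
const ALGOS = ["sha256", "sha384", "sha512"];

// Build an integrity attribute value: "<algo>-<base64 digest>".
function sriHash(content, algo = "sha384") {
  if (!ALGOS.includes(algo)) throw new Error(`unsupported algorithm: ${algo}`);
  return `${algo}-${createHash(algo).update(content).digest("base64")}`;
}

// Decide what a browser would do with a fetched script body.
// Returns "match", "mismatch", or "unenforced" (attribute has no usable hash,
// so the script would load unchecked).
// Simplification: digests are compared as standard base64 strings.
function checkIntegrity(content, integrityAttr) {
  const tokens = String(integrityAttr || "")
    .split(/\s+/)
    .map((t) => /^([a-z0-9]+)-([A-Za-z0-9+\/=]+)(\?.*)?$/i.exec(t))
    .filter(Boolean)
    .map((m) => ({ algo: m[1].toLowerCase(), digest: m[2] }))
    .filter((t) => ALGOS.includes(t.algo));
  if (tokens.length === 0) return "unenforced";
  // Only hashes that use the strongest listed algorithm count.
  const rank = Math.max(...tokens.map((t) => ALGOS.indexOf(t.algo)));
  const actual = createHash(ALGOS[rank]).update(content).digest("base64");
  const hit = tokens.some((t) => t.algo === ALGOS[rank] && t.digest === actual);
  return hit ? "match" : "mismatch";
}

// Constructed sample: a stand-in for the external script's bytes.
const sample = Buffer.from("window.exampleFramework = { version: 1 };\n");
const pinned = sriHash(sample);
console.log(pinned);
console.log(checkIntegrity(sample, pinned));
console.log(checkIntegrity(Buffer.concat([sample, Buffer.from("//x")]), pinned));
```

An "unenforced" result is worth failing a build on: an attribute with a typo or an unsupported algorithm gives no protection at all.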
Safer hacking!