update: Web security in Scripts and Styles #8
Open
jbraconig wants to merge 2 commits into gdldocs:main from
English: Implementation of Subresource Integrity (SRI) for Scripts and Styles
In this pull request, we have implemented the Subresource Integrity (SRI) technique for script and style files used by our website. This update has been carried out with the aim of improving site security and protecting our users from potential malicious script injection attacks.
Implementation Details
SRI Hash Generation: Cryptographic hashes (SHA-256) have been generated for all external script and style files loaded on the site. These hashes have been calculated based on the current content of each file.
Updating HTML References: The integrity and crossorigin attributes have been added to the corresponding <script> and <link> tags in the HTML files. This allows browsers to verify the integrity of the files before loading them, ensuring they have not been modified by third parties.
Reasons for Implementation
Security Enhancement: The use of SRI ensures that external resource files have not been altered since their creation, protecting users against code injection attacks and other types of vulnerabilities related to manipulated content.
Trust and Transparency: By implementing SRI, we demonstrate our commitment to the security and integrity of the content we serve to our users.
Considerations
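The two steps described in the pull request above (hash each external file, then add integrity and crossorigin to its tag) can be checked automatically at build time. The following is an added example, not code from this pull request or the gdldocs project: it audits external script and stylesheet tags against the fetched resource bodies and, going slightly beyond the SHA-256 case described above, also accepts the sha384 and sha512 algorithms that SRI allows. The function names, the cdn.example.test URLs and the resource bodies are constructed for illustration.

```javascript
// Added example (not from the pull request): audit external tags for SRI problems.
const { createHash } = require("crypto");
const ALGOS = ["sha256", "sha384", "sha512"]; // weakest to strongest

// SRI value for a resource body: "<algo>-<base64 digest>".
function sriHash(body, algo = "sha256") {
  return `${algo}-${createHash(algo).update(body).digest("base64")}`;
}

// Attribute map for one tag (double-quoted values only); bare attributes map to "".
function parseAttrs(tag) {
  const inner = tag.replace(/^<\w+/, "").replace(/\/?>$/, "");
  const pairs = [...inner.matchAll(/([\w-]+)(?:\s*=\s*"([^"]*)")?/g)];
  return Object.fromEntries(pairs.map((m) => [m[1].toLowerCase(), m[2] ?? ""]));
}

// Check each external script/stylesheet tag in `html` against `resources`
// (URL -> body as fetched at build time). Returns a list of findings.
function auditSri(html, resources) {
  const findings = [];
  for (const [tag] of html.matchAll(/<(?:script|link)\b[^>]*>/gi)) {
    const a = parseAttrs(tag);
    const url = a.src || a.href;
    if (!url || !/^https?:\/\//i.test(url)) continue; // external resources only
    if (/^<link/i.test(tag) && a.rel !== "stylesheet") continue;
    const tokens = (a.integrity || "").split(/\s+/).filter((t) => ALGOS.includes(t.split("-")[0]));
    if (tokens.length === 0) { findings.push({ url, issue: "missing integrity" }); continue; }
    if (!("crossorigin" in a)) findings.push({ url, issue: "missing crossorigin" });
    // Browsers only check digests of the strongest algorithm listed.
    const best = ALGOS.filter((x) => tokens.some((t) => t.startsWith(x + "-"))).pop();
    const body = resources[url];
    if (body === undefined) findings.push({ url, issue: "body unavailable" });
    else if (!tokens.includes(sriHash(body, best))) findings.push({ url, issue: "hash mismatch" });
  }
  return findings;
}

// Constructed sample input: hosts, paths and bodies are made up.
const LIB = "console.log('lib v1');";
const CSS = "body{margin:0}";
const SAMPLE_RESOURCES = {
  "https://cdn.example.test/lib.js": LIB,
  "https://cdn.example.test/site.css": CSS + "/* changed after hashing */",
};
const SAMPLE_HTML = `
<script src="https://cdn.example.test/lib.js" integrity="${sriHash(LIB)}" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdn.example.test/site.css" integrity="${sriHash(CSS)}" crossorigin>
<script src="https://cdn.example.test/extra.js"></script>`;
console.log(auditSri(SAMPLE_HTML, SAMPLE_RESOURCES));
```

A "hash mismatch" finding means a browser would refuse to load that resource, so a check like this belongs in the same pipeline step that updates the third-party files.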