Subresource Integrity (SRI) is a W3C recommendation that provides a method to protect website delivery. Specifically, it validates assets served by a third party, such as a content delivery network (CDN), ensuring that these assets have not been compromised for hostile purposes.

SRI was created in response to a number of attacks where CDN-served content was injected with malicious code, compromising thousands of websites using it.[1]

To use SRI, a website author wishing to include a resource from a third party can specify a cryptographic hash of the resource in addition to the location of the resource. Browsers fetching the resource can then compare the hash provided by the website author with the hash computed from the resource. If the hashes don't match, the resource is discarded.[2]

A sample `script` element with the `integrity` and `crossorigin` attributes used by SRI:

## References

1. "Afghanistan CDN network compromised by Chinese hackers".
2. "Subresource Integrity". Mozilla Developer Network. Retrieved 14 April 2016.
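The hash comparison described above, as an added Node.js example that is not part of the original article: it computes an `integrity` value and applies the browser's matching rule, including the cases of several listed hashes and of no supported hash. The URL `https://cdn.example/widget.js`, the script bodies and the function names are constructed for illustration.

```javascript
const crypto = require("crypto");

// Hash functions SRI defines, ordered weakest to strongest.
const ALGS = ["sha256", "sha384", "sha512"];

// Value for the integrity attribute: "<alg>-<base64 digest of the exact bytes served>".
function computeIntegrity(body, alg = "sha384") {
  return alg + "-" + crypto.createHash(alg).update(body).digest("base64");
}

// Split the attribute on whitespace; drop tokens with an unsupported algorithm
// or a malformed digest; ignore any "?options" suffix.
function parseIntegrity(value) {
  const out = [];
  for (const tok of value.trim().split(/\s+/)) {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(tok);
    if (m) out.push({ alg: m[1], digest: m[2] });
  }
  return out;
}

// Returns { enforced, ok }. Mirrors the browser rule: only entries using the
// strongest listed algorithm count, and any one of them matching is enough.
function verifyIntegrity(body, value) {
  const entries = parseIntegrity(value);
  // No usable entry: browsers skip the check and load the resource.
  if (entries.length === 0) return { enforced: false, ok: true };
  const best = ALGS[Math.max(...entries.map((e) => ALGS.indexOf(e.alg)))];
  const actual = crypto.createHash(best).update(body).digest("base64");
  const ok = entries.some((e) => e.alg === best && e.digest === actual);
  return { enforced: true, ok };
}

// Constructed sample: the script the author reviewed, and a modified copy.
const reviewed = Buffer.from("console.log('widget v1');\n");
const tampered = Buffer.from("console.log('widget v1'); /* injected */\n");
const pinned = computeIntegrity(reviewed);

console.log(`<script src="https://cdn.example/widget.js" integrity="${pinned}" crossorigin="anonymous"></script>`);
console.log("reviewed:", verifyIntegrity(reviewed, pinned));
console.log("tampered:", verifyIntegrity(tampered, pinned));
```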
## External links

* Subresource Integrity on Mozilla Developer Network (MDN)
* W3C specification
* SRI on Mozilla Wiki