@ampproject/toolbox-script-csp
Advanced tools
Changelog
2.9.0 (2022-06-23)
cloudflare-optimizer-scripts
optimizer
optimizer
cache-url, cli, cloudflare-optimizer-scripts, linter, optimizer-docker, optimizer, page-experience, update-cache
cache-list, cache-url, cli, cloudflare-optimizer-scripts, core, cors, linter, optimizer-docker, optimizer-express, optimizer, page-experience, runtime-fetch, runtime-version, script-csp, update-cache, validator-rules
Readme
Calculates the Content Security Policy (CSP)
hash for the given script in the format expected by amp-script.
CSP is required when using amp-script with inline or cross-origin scripts.
Install via:
$ npm install @ampproject/toolbox-script-csp
The module exposes a single function, calculateHash(src, options?).
src can be either a string (in which case UTF8 encoding is assumed) or a
DataView
such as a Buffer.
options is used to override the default options.
algorithm overrides the hashing algorithm to use. Currently, the only
algorithm supported by amp-script is sha384 which is the default value.Here is an example on how to use the calculateHash function to generate an
amp-script CSP header.
Note that both leading and trailing whitespace is included in calculating the hash and must exactly match the whitespace used in the inline script.
const {calculateHash} = require('@ampproject/toolbox-script-csp');
const script = `
const subject = 'world';
console.log('Hello, ' + subject);
`;
const hash = calculateHash(script);
console.log(hash); // sha384-xRxb5sv13at6tVgZET4JLmf89TSZP10HjCGXVqO9bKWVXB0asV2jLrsDN8v4zX6j
The generated hash can be used in a <meta> tag this way:
<!doctype html>
<html ⚡>
<head>
...
<meta name="amp-script-src" content="sha384-xRxb5sv13at6tVgZET4JLmf89TSZP10HjCGXVqO9bKWVXB0asV2jLrsDN8v4zX6j">
</head>
<body>
...
<amp-script layout="container" script="example"></amp-script>
<script id="example" type="text/plain" target="amp-script">
const subject = 'world';
console.log('Hello, ' + subject);
</script>
</body>
</html>
FAQs
A library that calculates the CSP hash for amp-script
The npm package @ampproject/toolbox-script-csp receives a total of 37,799 weekly downloads. As such, @ampproject/toolbox-script-csp popularity was classified as popular.
We found that @ampproject/toolbox-script-csp demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 16 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.