Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@ampproject/toolbox-script-csp

Package Overview
Dependencies
Maintainers
16
Versions
15
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@ampproject/toolbox-script-csp

A library that calculates the CSP hash for amp-script

  • 2.10.1
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
16
Created
Source

AMP-Toolbox Script CSP

npm version

Calculates the Content Security Policy (CSP) hash for the given script in the format expected by amp-script.

CSP is required when using amp-script with inline or cross-origin scripts.

Usage

Install via:

$ npm install @ampproject/toolbox-script-csp

Using the module

The module exposes a single function, calculateHash(src, options?).

src can be either a string (in which case UTF8 encoding is assumed) or a DataView such as a Buffer.

options is used to override the default options.

Options
  • algorithm overrides the hashing algorithm to use. Currently, the only algorithm supported by amp-script is sha384 which is the default value.

Example

Here is an example on how to use the calculateHash function to generate an amp-script CSP header.

Note that both leading and trailing whitespace is included in calculating the hash and must exactly match the whitespace used in the inline script.

const {calculateHash} = require('@ampproject/toolbox-script-csp');

const script = `
    const subject = 'world';
    console.log('Hello, ' + subject);
    `;

const hash = calculateHash(script);

console.log(hash);  // sha384-xRxb5sv13at6tVgZET4JLmf89TSZP10HjCGXVqO9bKWVXB0asV2jLrsDN8v4zX6j

The generated hash can be used in a <meta> tag this way:

<!doctype html>
<html ⚡>
<head>
  ...

  <meta name="amp-script-src" content="sha384-xRxb5sv13at6tVgZET4JLmf89TSZP10HjCGXVqO9bKWVXB0asV2jLrsDN8v4zX6j">
</head>
  <body>
    ...

    <amp-script layout="container" script="example"></amp-script>

    <script id="example" type="text/plain" target="amp-script">
    const subject = 'world';
    console.log('Hello, ' + subject);
    </script>
  </body>
</html>

Keywords

FAQs

Package last updated on 14 Jun 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc