security - Does javascript subresource integrity check protect from client-side editing? -


the question says all. use of subresource integrity checks foil execution of javascript has been edited locally (say in browser's debug window)?

appreciate insights.

quote mdn:

browsers handle sri doing following:

when browser encounters <script> or <link> element integrity attribute, before executing script or before applying stylesheet specified <link> element, browser must first compare script or stylesheet expected hash given in integrity value.

if script or stylesheet doesn’t match associated integrity value, browser must refuse execute script or apply stylesheet, , must instead return network error indicating fetching of script or stylesheet failed.

so no, not protect malicious code being executed via console, since wont affect loaded files in way.


Comments

Popular posts from this blog

ios - RestKit 0.20 — CoreData: error: Failed to call designated initializer on NSManagedObject class (again) -

java - Digest auth with Spring Security using javaconfig -

laravel - PDOException in Connector.php line 55: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: YES) -