Opened 8 years ago
Last modified 6 years ago
#37162 new enhancement
wp_style_add_data and wp_script_add_data should accept SRI information
Reported by: | michaelkrieger | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 4.5.3 |
Component: | Script Loader | Keywords: | |
Focuses: | Cc: |
Description (last modified by )
Subresource Integrity Hashes (SRI) is now recommended for many CDN-sourced CSS and JavaScript as provided for in http://www.w3.org/TR/SRI/ . WordPress does not allow SRI code (or anything other than a set list) to be added via wp_*_add_data. The same applies to JavaScript loading in addition to stylesheet loading.
wp_*_add_data should support these tags instead of currently silently ignoring them. The two tag keys are crossorigin and integrity.
Example of recommended link tags that should be generated:
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.2/css/bootstrap.min.css" integrity="sha384-y3tfxAZXuh4HwSYylfB+J125MxIs6mR5FOHamPBG064zB+AFeWH94NdvaCBm8qnd" crossorigin="anonymous">
<link href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css" rel="stylesheet" integrity="sha384-T8Gy5hrqNKT+hzMclPo118YTQO6cYprQmhrYwIiQ/3axmI1hQomh7Ud2hPOy8SP1" crossorigin="anonymous">
Expected (currently non-working usage)
wp_enqueue_style('bootstrap', "https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.2/css/bootstrap.min.css", array(), null, 'all');
wp_style_add_data('bootstrap', 'crossorigin', 'anonymous');
wp_style_add_data('bootstrap', 'integrity', 'sha384-y3tfxAZXuh4HwSYylfB+J125MxIs6mR5FOHamPBG064zB+AFeWH94NdvaCBm8qnd');
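One way to get the attributes this ticket asks for without a core change, as an added example that is not part of the ticket or of WordPress core: the `style_loader_tag` and `script_loader_tag` filters write the stored values into the generated tag. The `example_sri_*` function names are hypothetical, and the code assumes that values stored through wp_*_add_data under the keys `integrity` and `crossorigin` can be read back with `get_data()`.

```php
<?php
// Added example (hypothetical plugin code, not WordPress core).
// Assumes the 'integrity' and 'crossorigin' values stored by
// wp_style_add_data() / wp_script_add_data() are readable via get_data().

// Build the attribute string for a handle, or '' if no valid SRI data is set.
function example_sri_attributes( $deps, $handle ) {
	$integrity = $deps->get_data( $handle, 'integrity' );
	if ( ! is_string( $integrity ) || '' === trim( $integrity ) ) {
		return '';
	}
	// integrity may hold several space-separated hashes; validate each one.
	foreach ( preg_split( '/\s+/', trim( $integrity ) ) as $token ) {
		if ( ! preg_match( '/^sha(256|384|512)-[A-Za-z0-9+\/]+={0,2}$/', $token ) ) {
			return ''; // Malformed value: emit nothing rather than a broken attribute.
		}
	}
	// SRI on a cross-origin resource needs a CORS fetch; default to "anonymous".
	$crossorigin = $deps->get_data( $handle, 'crossorigin' );
	if ( ! in_array( $crossorigin, array( 'anonymous', 'use-credentials' ), true ) ) {
		$crossorigin = 'anonymous';
	}
	return sprintf(
		' integrity="%s" crossorigin="%s"',
		esc_attr( trim( $integrity ) ),
		esc_attr( $crossorigin )
	);
}

// Inject the attributes into the first <link> of the generated stylesheet tag.
function example_sri_style_tag( $html, $handle ) {
	$attrs = example_sri_attributes( wp_styles(), $handle );
	return '' === $attrs ? $html : preg_replace( '/<link\b/', '<link' . $attrs, $html, 1 );
}
add_filter( 'style_loader_tag', 'example_sri_style_tag', 10, 2 );

// Inject into the <script> element that has a src, skipping inline scripts.
function example_sri_script_tag( $tag, $handle ) {
	$attrs = example_sri_attributes( wp_scripts(), $handle );
	return '' === $attrs ? $tag : preg_replace( '/<script\b(?=[^>]*\ssrc=)/', '<script' . $attrs, $tag, 1 );
}
add_filter( 'script_loader_tag', 'example_sri_script_tag', 10, 2 );
```

The hash has to be recomputed whenever the CDN URL or version changes, otherwise the browser blocks the resource.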
Change History (2)
Previously, #33948