You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+13-1Lines changed: 13 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -309,10 +309,22 @@ Add the version of `solc` you want to use into `index.html`:
309
309
<script
310
310
type="text/javascript"
311
311
src="https://binaries.soliditylang.org/bin/{{ SOLC VERSION }}.js"
312
+
integrity="sha256-{{ BASE64-ENCODED HASH OF SOLC VERSION }}"
313
+
crossorigin="anonymous"
312
314
></script>
313
315
```
314
316
315
-
(Alternatively use `https://binaries.soliditylang.org/bin/soljson-latest.js` to get the latests version.)
317
+
(Alternatively, use `https://binaries.soliditylang.org/bin/soljson-latest.js` to get the latest version.)
318
+
319
+
It is recommended that you check the integrity of the resource being fetched before using it in your application.
320
+
For that, you can use the [Subresource Integrity (SRI)](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) feature.
321
+
Adding SRI configuration to your HTML script tag ensures that the resource will only be loaded in the browser if the cryptographic hashes matches.
322
+
323
+
You can run the script [get-sri.sh](./get-sri.sh) informing the desired solc-js version or compute it yourself based on the base64-encoded version of the sha256 hash of the release.
0 commit comments