Skip to content

[MEDIUM] No SRI hashes for CDN scripts - Supply Chain Attack Risk #20

Description

@saidai-bhuvanesh

🔗 Security: Missing Subresource Integrity (SRI) Hashes

Severity: Medium
Files: projects/*/index.html

Problem

External CDN scripts loaded without integrity hashes:

<!-- markdown-notes-sync/index.html -->
<script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>

Risk

If jsdelivr is compromised or a malicious version is uploaded, all users execute malicious code.

Fix

<script 
  src="https://cdn.jsdelivr.net/npm/marked/marked.min.js" 
  integrity="sha256-XrRj5aRLLKl45+4aGqh9cR6ZBwS7TRb3I4AP1cX1c=" 
  crossorigin="anonymous"
></script>

Labels: security, ssoc26

Metadata

Metadata

Labels

enhancementNew feature or requestgood first issueGood for newcomersssoc26Main tag identifying the repository for Social Summer of Code 2026

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions