🔗 Security: Missing Subresource Integrity (SRI) Hashes
Severity: Medium
Files: projects/*/index.html
Problem
External CDN scripts loaded without integrity hashes:
<!-- markdown-notes-sync/index.html -->
<script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>
Risk
If jsdelivr is compromised or a malicious version is uploaded, all users execute malicious code.
Fix
<script
src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"
integrity="sha256-XrRj5aRLLKl45+4aGqh9cR6ZBwS7TRb3I4AP1cX1c="
crossorigin="anonymous"
></script>
Labels: security, ssoc26
🔗 Security: Missing Subresource Integrity (SRI) Hashes
Severity: Medium
Files: projects/*/index.html
Problem
External CDN scripts loaded without integrity hashes:
Risk
If jsdelivr is compromised or a malicious version is uploaded, all users execute malicious code.
Fix
Labels: security, ssoc26