Notwithstanding Precautions, Misadventure

    @ampproject/toolbox-script-csp

    2.9.0 • Public • Published

    AMP-Toolbox Script CSP

    npm version

    Calculates the Content Security Policy (CSP) hash for the given script in the format expected by amp-script.

    CSP is required when using amp-script with inline or cross-origin scripts.

    Usage

    Install via:

    $ npm install @ampproject/toolbox-script-csp
    

    Using the module

    The module exposes a single function, calculateHash(src, options?).

    src can be either a string (in which case UTF8 encoding is assumed) or a DataView such as a Buffer.

    options is used to override the default options.

    Options

    • algorithm overrides the hashing algorithm to use. Currently, the only algorithm supported by amp-script is sha384 which is the default value.

    Example

    Here is an example on how to use the calculateHash function to generate an amp-script CSP header.

    Note that both leading and trailing whitespace is included in calculating the hash and must exactly match the whitespace used in the inline script.

    const {calculateHash} = require('@ampproject/toolbox-script-csp');
    
    const script = `
        const subject = 'world';
        console.log('Hello, ' + subject);
        `;
    
    const hash = calculateHash(script);
    
    console.log(hash);  // sha384-xRxb5sv13at6tVgZET4JLmf89TSZP10HjCGXVqO9bKWVXB0asV2jLrsDN8v4zX6j

    The generated hash can be used in a <meta> tag this way:

    <!doctype html>
    <html >
    <head>
      ...
    
      <meta name="amp-script-src" content="sha384-xRxb5sv13at6tVgZET4JLmf89TSZP10HjCGXVqO9bKWVXB0asV2jLrsDN8v4zX6j">
    </head>
      <body>
        ...
    
        <amp-script layout="container" script="example"></amp-script>
    
        <script id="example" type="text/plain" target="amp-script">
        const subject = 'world';
        console.log('Hello, ' + subject);
        </script>
      </body>
    </html>

    Keywords

    Install

    npm i @ampproject/toolbox-script-csp

    DownloadsWeekly Downloads

    152,489

    Version

    2.9.0

    License

    Apache-2.0

    Unpacked Size

    16.8 kB

    Total Files

    5

    Last publish

    Collaborators

    • ampproject-admin
    • kristoferbaxter
    • jridgewell
    • choumx
    • amp-toolbox
    • fstanis
    • erwinmombay
    • samouri
    • caroqliu
    • rsimha
    • dvoytenko
    • patrickkettner
    • alanorozco
    • kdwan
    • ampprojectbot
    • esth