• Login
  • Register

DNN Forums

A community discussion page. We're starting from scratch, so...let's get the party started!

dnnjsinclude gives script src integrity check

You are not authorized to post a reply.
Sort:


New Member


Posts:3
New Member

     

    I am using DontnetNuke 7.4, Visual Studio 2013 and .net framework 4.0

    I am referencing typekit.js in dnnjsinclude.

     

    <dnn:dnnjsinclude filepath="https://use.typekit.net/xie1khe.js" id="someID" runat="server">

    After a PCI scan, we are having a script src integrity check issue. I checked online and saw adding an integrity property with value as a key generated using https://www.srihash.org/ . However I think the integrity property here isn't recognized and all the interface gets messed up. Is there any way to set it ? Kindly let me know if my question is not clear. Thank you for your time in advance.

    Thanks



    New Member


    Posts:23
    New Member

      There is, in fact, a little known method for adding attributes to these script tags.  The DnnJsInclude control has a HtmlAttributesAsString property which can be used to add attributes.  In your example, that would look like this:

      
      <%@ Register TagPrefix="dnn" Namespace="DotNetNuke.Web.Client.ClientResourceManagement" Assembly="DotNetNuke.Web.Client" %>
      
      <dnn:DnnJsInclude runat="server" FilePath="https://use.typekit.net/xie1khe.js" HtmlAttributesAsString="integrity:sha384-cVzjI50ULMD2q5gObcDlRz+PX+kfeUHv+/Wv4WSV5DDVwYC2fOWGbkdUeaAFgcln,crossorigin:anonymous" />
      

      At one point I had found that setting multiple attributes this was wasn't working, and there was a fix in DNN 9.2 which addressed that; however, testing just now, this did work on my DNN 7.4.2 site, so hopefully this works for you. One caveat is that you do need to use the DnnJsInclude class from DotNetNuke.Web.Client.ClientResourceManagement (see the <%@ Register … %> directive above), rather than the skin/theme object by the same name.

      DNN partner specializing in custom, enterprise DNN development https://engagesoftware.com/showcase


      New Member


      Posts:3
      New Member

        Hi Brian,

        Thank you so much for your reply. I had tried adding the HtmlAttributesAsString in my website before. So my complete code was something as follows :

        <%@ Register TagPrefix="dnn" Namespace="DotNetNuke.Web.Client.ClientResourceManagement" Assembly="DotNetNuke.Web.Client" %>    (at the top of the page)

        then 

         

        <dnn:dnnjsinclude filepath="https://use.typekit.net/xie1khe.js" htmlattributesasstring="crossorigin:'anonymous',integrity:'sha384-cVzjI50ULMD2q5gObcDlRz+PX+kfeUHv+/Wv4WSV5DDVwYC2fOWGbkdUeaAFgcln'" id="SomeID" runat="server">

        But when I right click and inspect element and check the console, it gives me the following error :

        Error parsing 'integrity' attribute (''sha384-cVzjI50ULMD2q5gObcDlRz+PX+kfeUHv+/Wv4WSV5DDVwYC2fOWGbkdUeaAFgcln''). The specified hash algorithm must be one of 'sha256', 'sha384', or 'sha512' .

        Am I doing something wrong ? Is there any way to test if the added integrity constraint is working correctly ?

        KIndly let me know if I am not clear.

        Thanks !



        New Member


        Posts:23
        New Member

          It looks like the newer versions allow you to wrap the attribute values in single quotes, but the version in DNN 7.4.2 does not. If you remove the single quotes it should work.

          DNN partner specializing in custom, enterprise DNN development https://engagesoftware.com/showcase


          New Member


          Posts:3
          New Member

            It worked !!! :)  

            Thank you very much for helping me

            You are not authorized to post a reply.

            These Forums are dedicated to discussion of DNN Platform.

            For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

            1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
            2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
            3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
            4. No Flaming or Trolling.
            5. No Profanity, Racism, or Prejudice.
            6. Site Moderators have the final word on approving / removing a thread or post or comment.
            7. English language posting only, please.

            Would you like to help us?

            Awesome! Simply post in the forums using the link below and we'll get you started.

            Get Involved