I am using DontnetNuke 7.4, Visual Studio 2013 and .net framework 4.0
I am referencing typekit.js in dnnjsinclude.
<dnn:dnnjsinclude filepath="https://use.typekit.net/xie1khe.js" id="someID" runat="server">
After a PCI scan, we are having a script src integrity check issue. I checked online and saw adding an integrity property with value as a key generated using https://www.srihash.org/ . However I think the integrity property here isn't recognized and all the interface gets messed up. Is there any way to set it ? Kindly let me know if my question is not clear. Thank you for your time in advance.
Thanks
There is, in fact, a little known method for adding attributes to these script tags. The <code>DnnJsInclude</code> control has a <code>HtmlAttributesAsString</code> property which can be used to add attributes. In your example, that would look like this:
<code> <%@ Register TagPrefix="dnn" Namespace="DotNetNuke.Web.Client.ClientResourceManagement" Assembly="DotNetNuke.Web.Client" %> <dnn:DnnJsInclude runat="server" FilePath="https://use.typekit.net/xie1khe.js" HtmlAttributesAsString="integrity:sha384-cVzjI50ULMD2q5gObcDlRz+PX+kfeUHv+/Wv4WSV5DDVwYC2fOWGbkdUeaAFgcln,crossorigin:anonymous" /> </code>
At one point I had found that setting multiple attributes this was wasn't working, and there was a fix in DNN 9.2 which addressed that; however, testing just now, this did work on my DNN 7.4.2 site, so hopefully this works for you. One caveat is that you do need to use the <code>DnnJsInclude</code> class from <code>DotNetNuke.Web.Client.ClientResourceManagement</code> (see the <code><%@ Register … %></code> directive above), rather than the skin/theme object by the same name.
Hi Brian,
Thank you so much for your reply. I had tried adding the HtmlAttributesAsString in my website before. So my complete code was something as follows :
<%@ Register TagPrefix="dnn" Namespace="DotNetNuke.Web.Client.ClientResourceManagement" Assembly="DotNetNuke.Web.Client" %> (at the top of the page)
then
<dnn:dnnjsinclude filepath="https://use.typekit.net/xie1khe.js" htmlattributesasstring="crossorigin:'anonymous',integrity:'sha384-cVzjI50ULMD2q5gObcDlRz+PX+kfeUHv+/Wv4WSV5DDVwYC2fOWGbkdUeaAFgcln'" id="SomeID" runat="server">
But when I right click and inspect element and check the console, it gives me the following error :
Error parsing 'integrity' attribute (''sha384-cVzjI50ULMD2q5gObcDlRz+PX+kfeUHv+/Wv4WSV5DDVwYC2fOWGbkdUeaAFgcln''). The specified hash algorithm must be one of 'sha256', 'sha384', or 'sha512' .
Am I doing something wrong ? Is there any way to test if the added integrity constraint is working correctly ?
KIndly let me know if I am not clear.
Thanks !
It looks like the newer versions allow you to wrap the attribute values in single quotes, but the version in DNN 7.4.2 does not. If you remove the single quotes it should work.
It worked !!! :)
Thank you very much for helping me
SPA modules have an extension mechanism, but typically the <code>TokenReplace</code> type will have a hard-coded list of <code>IPropertyAccess</code> implementations, see e.g. <code>HtmlTokenReplace</code> (which is the base class for the SPA module token replace, but also used for the HTML module).
For a SPA module, the module's business controller class can implement <code>ICustomTokenProvider</code> (here's where that's found and called).
These Forums are for the discussion of the open source CMS DNN platform and ecosystem.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.