Skip to content

Commit cba1f20

Browse files
jacksecengjackseceng
authored
Merge pull request #503 from jackseceng/integrity-fixes
fix(integrity-checks): Adding integrity checks to html files for the …
2 parents 589d8a7 + bf2b62b commit cba1f20

10 files changed

Lines changed: 172 additions & 23 deletions

File tree

app/static/linkpage.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ function saveQRCode() {
2727

2828
// Trigger the download
2929
showNotification("Downloading QR Code");
30-
console.log("Triggering download of QR code");
30+
console.log("Downloading QR Code");
3131
document.body.appendChild(downloadLink);
3232
downloadLink.click();
3333
document.body.removeChild(downloadLink);

app/static/main.js

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -19,12 +19,13 @@ function toggleCustomExt() {
1919
document.getElementById("custom-ext-chevron").classList.toggle("open");
2020
}
2121

22-
document
23-
.getElementById("custom-ext-toggle")
24-
.addEventListener("click", function (e) {
22+
const customExtToggle = document.getElementById("custom-ext-toggle");
23+
if (customExtToggle) {
24+
customExtToggle.addEventListener("click", function (e) {
2525
e.preventDefault();
2626
toggleCustomExt();
2727
});
28+
}
2829

2930
function showNotification(message) {
3031
const notification = document.getElementById("notification");

app/static/site.webmanifest

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
{
2+
"name": "cubelink",
3+
"short_name": "cubelink",
4+
"description": "Secure Link Shortener",
5+
"icons": [
6+
{
7+
"src": "/favicon-96x96.png",
8+
"sizes": "96x96",
9+
"type": "image/png"
10+
},
11+
{
12+
"src": "/apple-touch-icon.png",
13+
"sizes": "180x180",
14+
"type": "image/png"
15+
},
16+
{
17+
"src": "/favicon.svg",
18+
"sizes": "any",
19+
"type": "image/svg+xml"
20+
}
21+
],
22+
"start_url": "/",
23+
"display": "standalone",
24+
"background_color": "#212121",
25+
"theme_color": "#020024"
26+
}

app/templates/404.html

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,30 +5,42 @@
55
<link
66
rel="stylesheet"
77
href="https://{{ cdn }}/style.css"
8+
integrity="sha384-wUdlFxWYlrECprUMtZACDfROoVPJ7yvZw43pdMgDqYVlxDJEJZb3vD+AStJqzf0u"
9+
crossorigin="anonymous"
810
/>
911
<link
1012
rel="icon"
1113
type="image/png"
1214
href="https://{{ cdn }}/favicon-96x96.png"
1315
sizes="96x96"
16+
integrity="sha384-dnkgadw7QrrNMHmdxZW+FZtG1u69j4jZN+Rc1aPzMe8rYAfhbtAyh6p8NuI+7CEH"
17+
crossorigin="anonymous"
1418
/>
1519
<link
1620
rel="icon"
1721
type="image/svg+xml"
1822
href="https://{{ cdn }}/favicon.svg"
23+
integrity="sha384-WagmUggrGjucwi77hTatzRuMl2X3h/9xwm5VhNOK4JoaLRNFZyc2udjipB2iolrX"
24+
crossorigin="anonymous"
1925
/>
2026
<link
2127
rel="shortcut icon"
2228
href="https://{{ cdn }}/favicon.ico"
29+
integrity="sha384-GahwGK136yZ57RiOzqQDM6Rw1uEPTxG05KY7TXdph2E/JgaaGTKb+BvFQKeG8aNP"
30+
crossorigin="anonymous"
2331
/>
2432
<link
2533
rel="apple-touch-icon"
2634
sizes="180x180"
2735
href="https://{{ cdn }}/apple-touch-icon.png"
36+
integrity="sha384-JJ/2lc8hL09uRZe4iD7qX22/XbWUilKQDfv8Jwk4qHjxo0d1DaaOFErJe+AcsjHU"
37+
crossorigin="anonymous"
2838
/>
2939
<link
3040
rel="manifest"
3141
href="https://{{ cdn }}/site.webmanifest"
42+
integrity="sha384-j9TPflkpavC9RTKD5tkavefhKk4I3wU88f/amU0X+GfYSxKTIq+0Ab61jZSfIctn"
43+
crossorigin="anonymous"
3244
/>
3345
<meta id="errorreason" value="{{ errormessage }}" />
3446
<meta name="viewport" content="width=device-width, initial-scale=1" />

app/templates/500.html

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,30 +5,42 @@
55
<link
66
rel="stylesheet"
77
href="https://{{ cdn }}/style.css"
8+
integrity="sha384-wUdlFxWYlrECprUMtZACDfROoVPJ7yvZw43pdMgDqYVlxDJEJZb3vD+AStJqzf0u"
9+
crossorigin="anonymous"
810
/>
911
<link
1012
rel="icon"
1113
type="image/png"
1214
href="https://{{ cdn }}/favicon-96x96.png"
1315
sizes="96x96"
16+
integrity="sha384-dnkgadw7QrrNMHmdxZW+FZtG1u69j4jZN+Rc1aPzMe8rYAfhbtAyh6p8NuI+7CEH"
17+
crossorigin="anonymous"
1418
/>
1519
<link
1620
rel="icon"
1721
type="image/svg+xml"
1822
href="https://{{ cdn }}/favicon.svg"
23+
integrity="sha384-WagmUggrGjucwi77hTatzRuMl2X3h/9xwm5VhNOK4JoaLRNFZyc2udjipB2iolrX"
24+
crossorigin="anonymous"
1925
/>
2026
<link
2127
rel="shortcut icon"
2228
href="https://{{ cdn }}/favicon.ico"
29+
integrity="sha384-GahwGK136yZ57RiOzqQDM6Rw1uEPTxG05KY7TXdph2E/JgaaGTKb+BvFQKeG8aNP"
30+
crossorigin="anonymous"
2331
/>
2432
<link
2533
rel="apple-touch-icon"
2634
sizes="180x180"
2735
href="https://{{ cdn }}/apple-touch-icon.png"
36+
integrity="sha384-JJ/2lc8hL09uRZe4iD7qX22/XbWUilKQDfv8Jwk4qHjxo0d1DaaOFErJe+AcsjHU"
37+
crossorigin="anonymous"
2838
/>
2939
<link
3040
rel="manifest"
3141
href="https://{{ cdn }}/site.webmanifest"
42+
integrity="sha384-j9TPflkpavC9RTKD5tkavefhKk4I3wU88f/amU0X+GfYSxKTIq+0Ab61jZSfIctn"
43+
crossorigin="anonymous"
3244
/>
3345
<meta id="errorreason" value="{{ errormessage }}" />
3446
<meta name="viewport" content="width=device-width, initial-scale=1" />

app/templates/index.html

Lines changed: 15 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,25 +2,36 @@
22
<html lang="en">
33
<head>
44
<title>cubelink - Secure Link Shortener</title>
5-
<link rel="stylesheet" href="https://{{ cdn }}/style.css" />
5+
<link rel="stylesheet" href="https://{{ cdn }}/style.css" integrity="sha384-wUdlFxWYlrECprUMtZACDfROoVPJ7yvZw43pdMgDqYVlxDJEJZb3vD+AStJqzf0u" crossorigin="anonymous" />
66
<link
77
rel="icon"
88
type="image/png"
99
href="https://{{ cdn }}/favicon-96x96.png"
1010
sizes="96x96"
11+
integrity="sha384-dnkgadw7QrrNMHmdxZW+FZtG1u69j4jZN+Rc1aPzMe8rYAfhbtAyh6p8NuI+7CEH"
12+
crossorigin="anonymous"
1113
/>
1214
<link
1315
rel="icon"
1416
type="image/svg+xml"
1517
href="https://{{ cdn }}/favicon.svg"
18+
integrity="sha384-WagmUggrGjucwi77hTatzRuMl2X3h/9xwm5VhNOK4JoaLRNFZyc2udjipB2iolrX"
19+
crossorigin="anonymous"
20+
/>
21+
<link
22+
rel="shortcut icon"
23+
href="https://{{ cdn }}/favicon.ico"
24+
integrity="sha384-GahwGK136yZ57RiOzqQDM6Rw1uEPTxG05KY7TXdph2E/JgaaGTKb+BvFQKeG8aNP"
25+
crossorigin="anonymous"
1626
/>
17-
<link rel="shortcut icon" href="https://{{ cdn }}/favicon.ico" />
1827
<link
1928
rel="apple-touch-icon"
2029
sizes="180x180"
2130
href="https://{{ cdn }}/apple-touch-icon.png"
31+
integrity="sha384-JJ/2lc8hL09uRZe4iD7qX22/XbWUilKQDfv8Jwk4qHjxo0d1DaaOFErJe+AcsjHU"
32+
crossorigin="anonymous"
2233
/>
23-
<link rel="manifest" href="https://{{ cdn }}/site.webmanifest" />
34+
<link rel="manifest" href="https://{{ cdn }}/site.webmanifest" integrity="sha384-j9TPflkpavC9RTKD5tkavefhKk4I3wU88f/amU0X+GfYSxKTIq+0Ab61jZSfIctn" crossorigin="anonymous" />
2435
<meta id="errorreason" value="{{ errormessage }}" />
2536
<meta name="viewport" content="width=device-width, initial-scale=1" />
2637
</head>
@@ -113,7 +124,7 @@ <h1>Shorten a link</h1>
113124
|
114125
<a href="https://jacksec.engineer" target="_blank"> Made by Jack </a>
115126
</div>
116-
<script src="https://{{ cdn }}/main.js"></script>
127+
<script src="https://{{ cdn }}/main.js" integrity="sha384-+mgxv/j8PS4LqfbANhG2Iy3ZROxiOMvFDK5SAzv2RzFAl/VXX4baZgpmUVEENxS/" crossorigin="anonymous"></script>
117128
<script
118129
src="https://challenges.cloudflare.com/turnstile/v0/api.js"
119130
async

app/templates/link.html

Lines changed: 18 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -2,31 +2,42 @@
22
<html lang="en">
33
<head>
44
<title>Your short link - cubelink</title>
5-
<link rel="stylesheet" href="https://{{ cdn }}/style.css" />
5+
<link rel="stylesheet" href="https://{{ cdn }}/style.css" integrity="sha384-wUdlFxWYlrECprUMtZACDfROoVPJ7yvZw43pdMgDqYVlxDJEJZb3vD+AStJqzf0u" crossorigin="anonymous" />
66
<link
77
rel="icon"
88
type="image/png"
99
href="https://{{ cdn }}/favicon-96x96.png"
1010
sizes="96x96"
11+
integrity="sha384-dnkgadw7QrrNMHmdxZW+FZtG1u69j4jZN+Rc1aPzMe8rYAfhbtAyh6p8NuI+7CEH"
12+
crossorigin="anonymous"
1113
/>
1214
<link
1315
rel="icon"
1416
type="image/svg+xml"
1517
href="https://{{ cdn }}/favicon.svg"
18+
integrity="sha384-WagmUggrGjucwi77hTatzRuMl2X3h/9xwm5VhNOK4JoaLRNFZyc2udjipB2iolrX"
19+
crossorigin="anonymous"
20+
/>
21+
<link
22+
rel="shortcut icon"
23+
href="https://{{ cdn }}/favicon.ico"
24+
integrity="sha384-GahwGK136yZ57RiOzqQDM6Rw1uEPTxG05KY7TXdph2E/JgaaGTKb+BvFQKeG8aNP"
25+
crossorigin="anonymous"
1626
/>
17-
<link rel="shortcut icon" href="https://{{ cdn }}/favicon.ico" />
1827
<link
1928
rel="apple-touch-icon"
2029
sizes="180x180"
2130
href="https://{{ cdn }}/apple-touch-icon.png"
31+
integrity="sha384-JJ/2lc8hL09uRZe4iD7qX22/XbWUilKQDfv8Jwk4qHjxo0d1DaaOFErJe+AcsjHU"
32+
crossorigin="anonymous"
2233
/>
23-
<link rel="manifest" href="https://{{ cdn }}/site.webmanifest" />
34+
<link rel="manifest" href="https://{{ cdn }}/site.webmanifest" integrity="sha384-j9TPflkpavC9RTKD5tkavefhKk4I3wU88f/amU0X+GfYSxKTIq+0Ab61jZSfIctn" crossorigin="anonymous" />
2435
<meta id="errorreason" value="{{ errormessage }}" />
2536
<meta name="viewport" content="width=device-width, initial-scale=1" />
2637
</head>
2738

2839
<body>
29-
<script src="https://{{ cdn }}/qrcode.min.js"></script>
40+
<script src="https://{{ cdn }}/qrcode.min.js" integrity="sha384-hIgHkwCcA5ZEc+J9MEhLLKneaRztxODMSKruhDydFGRuDGa/fagUluO0J/+WIMMU" crossorigin="anonymous"></script>
3041
<div id="notification" class="notification"></div>
3142
<form method="GET" action="" autocomplete="off" class="form">
3243
<div class="control">
@@ -104,9 +115,9 @@ <h1>Your short link</h1>
104115
<a href="https://jacksec.engineer" target="_blank"> Made by Jack </a>
105116
</div>
106117
</form>
107-
<script src="https://{{ cdn }}/linkpage.js"></script>
108-
<script src="https://{{ cdn }}/copy.js"></script>
109-
<script src="https://{{ cdn }}/main.js"></script>
118+
<script src="https://{{ cdn }}/linkpage.js" integrity="sha384-4mxQ0Yqb+sLe0ZWKO9Q9mhdA+Pb++RBVipWOEemLqpTM6JSXL2mUoq8zYiyqxrv/" crossorigin="anonymous"></script>
119+
<script src="https://{{ cdn }}/copy.js" integrity="sha384-P1AJn486xjYAc5XHIUZQIJ91L+sd+PSg86a1zkV95bRHyKq2JlV2YCxJuUbePA3w" crossorigin="anonymous"></script>
120+
<script src="https://{{ cdn }}/main.js" integrity="sha384-+mgxv/j8PS4LqfbANhG2Iy3ZROxiOMvFDK5SAzv2RzFAl/VXX4baZgpmUVEENxS/" crossorigin="anonymous"></script>
110121
</body>
111122
</html>
112123
<!-- Based on this codepen: https://codepen.io/marko-zub/pen/mzPeOV -->

app/templates/redirect.html

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,30 +6,42 @@
66
<link
77
rel="stylesheet"
88
href="https://{{ cdn }}/style.css"
9+
integrity="sha384-wUdlFxWYlrECprUMtZACDfROoVPJ7yvZw43pdMgDqYVlxDJEJZb3vD+AStJqzf0u"
10+
crossorigin="anonymous"
911
/>
1012
<link
1113
rel="icon"
1214
type="image/png"
1315
href="https://{{ cdn }}/favicon-96x96.png"
1416
sizes="96x96"
17+
integrity="sha384-dnkgadw7QrrNMHmdxZW+FZtG1u69j4jZN+Rc1aPzMe8rYAfhbtAyh6p8NuI+7CEH"
18+
crossorigin="anonymous"
1519
/>
1620
<link
1721
rel="icon"
1822
type="image/svg+xml"
1923
href="https://{{ cdn }}/favicon.svg"
24+
integrity="sha384-WagmUggrGjucwi77hTatzRuMl2X3h/9xwm5VhNOK4JoaLRNFZyc2udjipB2iolrX"
25+
crossorigin="anonymous"
2026
/>
2127
<link
2228
rel="shortcut icon"
2329
href="https://{{ cdn }}/favicon.ico"
30+
integrity="sha384-GahwGK136yZ57RiOzqQDM6Rw1uEPTxG05KY7TXdph2E/JgaaGTKb+BvFQKeG8aNP"
31+
crossorigin="anonymous"
2432
/>
2533
<link
2634
rel="apple-touch-icon"
2735
sizes="180x180"
2836
href="https://{{ cdn }}/apple-touch-icon.png"
37+
integrity="sha384-JJ/2lc8hL09uRZe4iD7qX22/XbWUilKQDfv8Jwk4qHjxo0d1DaaOFErJe+AcsjHU"
38+
crossorigin="anonymous"
2939
/>
3040
<link
3141
rel="manifest"
3242
href="https://{{ cdn }}/site.webmanifest"
43+
integrity="sha384-j9TPflkpavC9RTKD5tkavefhKk4I3wU88f/amU0X+GfYSxKTIq+0Ab61jZSfIctn"
44+
crossorigin="anonymous"
3345
/>
3446
<meta id="errorreason" value="{{ errormessage }}" />
3547
<meta name="viewport" content="width=device-width, initial-scale=1" />

app/templates/stats.html

Lines changed: 19 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -2,31 +2,42 @@
22
<html lang="en">
33
<head>
44
<title>Your short link - cubelink</title>
5-
<link rel="stylesheet" href="https://{{ cdn }}/style.css" />
5+
<link rel="stylesheet" href="https://{{ cdn }}/style.css" integrity="sha384-wUdlFxWYlrECprUMtZACDfROoVPJ7yvZw43pdMgDqYVlxDJEJZb3vD+AStJqzf0u" crossorigin="anonymous" />
66
<link
77
rel="icon"
88
type="image/png"
99
href="https://{{ cdn }}/favicon-96x96.png"
1010
sizes="96x96"
11+
integrity="sha384-dnkgadw7QrrNMHmdxZW+FZtG1u69j4jZN+Rc1aPzMe8rYAfhbtAyh6p8NuI+7CEH"
12+
crossorigin="anonymous"
1113
/>
1214
<link
1315
rel="icon"
1416
type="image/svg+xml"
1517
href="https://{{ cdn }}/favicon.svg"
18+
integrity="sha384-WagmUggrGjucwi77hTatzRuMl2X3h/9xwm5VhNOK4JoaLRNFZyc2udjipB2iolrX"
19+
crossorigin="anonymous"
20+
/>
21+
<link
22+
rel="shortcut icon"
23+
href="https://{{ cdn }}/favicon.ico"
24+
integrity="sha384-GahwGK136yZ57RiOzqQDM6Rw1uEPTxG05KY7TXdph2E/JgaaGTKb+BvFQKeG8aNP"
25+
crossorigin="anonymous"
1626
/>
17-
<link rel="shortcut icon" href="https://{{ cdn }}/favicon.ico" />
1827
<link
1928
rel="apple-touch-icon"
2029
sizes="180x180"
2130
href="https://{{ cdn }}/apple-touch-icon.png"
31+
integrity="sha384-JJ/2lc8hL09uRZe4iD7qX22/XbWUilKQDfv8Jwk4qHjxo0d1DaaOFErJe+AcsjHU"
32+
crossorigin="anonymous"
2233
/>
23-
<link rel="manifest" href="https://{{ cdn }}/site.webmanifest" />
34+
<link rel="manifest" href="https://{{ cdn }}/site.webmanifest" integrity="sha384-j9TPflkpavC9RTKD5tkavefhKk4I3wU88f/amU0X+GfYSxKTIq+0Ab61jZSfIctn" crossorigin="anonymous" />
2435
<meta id="errorreason" value="{{ errormessage }}" />
2536
<meta name="viewport" content="width=device-width, initial-scale=1" />
2637
</head>
2738

2839
<body>
29-
<script src="https://{{ cdn }}/qrcode.min.js"></script>
40+
<script src="https://{{ cdn }}/qrcode.min.js" integrity="sha384-hIgHkwCcA5ZEc+J9MEhLLKneaRztxODMSKruhDydFGRuDGa/fagUluO0J/+WIMMU" crossorigin="anonymous"></script>
3041
<div id="notification" class="notification"></div>
3142
<form method="GET" action="" autocomplete="off" class="form">
3243
<div class="control">
@@ -88,9 +99,9 @@ <h1>Statistics</h1>
8899
<a href="https://jacksec.engineer" target="_blank"> Made by Jack </a>
89100
</div>
90101
</form>
91-
<script src="https://{{ cdn }}/timeago.min.js"></script>
92-
<script src="https://{{ cdn }}/statpage.js"></script>
93-
<script src="https://{{ cdn }}/copy.js"></script>
94-
<script src="https://{{ cdn }}/main.js"></script>
102+
<script src="https://{{ cdn }}/timeago.min.js" integrity="sha384-V026XwMyKE2mWMNj9mt8sfjpb9UuKp8s6eXk3HY4nHqCE2dhi57NdCKT/gF6owTr" crossorigin="anonymous"></script>
103+
<script src="https://{{ cdn }}/statpage.js" integrity="sha384-lNaayjqFHjiUWfFsu3zaeX9s6bc9E4fhOmoaAARNFdtbh04BIvUGmyx4g47feQY1" crossorigin="anonymous"></script>
104+
<script src="https://{{ cdn }}/copy.js" integrity="sha384-P1AJn486xjYAc5XHIUZQIJ91L+sd+PSg86a1zkV95bRHyKq2JlV2YCxJuUbePA3w" crossorigin="anonymous"></script>
105+
<script src="https://{{ cdn }}/main.js" integrity="sha384-+mgxv/j8PS4LqfbANhG2Iy3ZROxiOMvFDK5SAzv2RzFAl/VXX4baZgpmUVEENxS/" crossorigin="anonymous"></script>
95106
</body>
96107
</html>

0 commit comments

Comments
 (0)