cmd*_*dln 4 javascript python base64 sha256 content-security-policy
我想记录脚本哈希值以实施内容安全策略。我已经能够使用以下代码在 python 中生成哈希值:
import hashlib
import base64
string='''
//<![CDATA[
var theForm = document.forms['ctl00'];
if (!theForm) {
theForm = document.ctl00;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
'''
# encode as UTF-8
string_UTF8 = string.encode('utf-8')
# hash the message
hash_string = hashlib.sha256(string_UTF8).digest()
# base64 encode
result = base64.b64encode(hash_string)
print('sha256-' + result.decode('utf-8'))
我怎样才能用 JavaScript 做到这一点?
const string = `
//<![CDATA[
var theForm = document.forms['ctl00'];
if (!theForm) {
theForm = document.ctl00;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
`
async function hashFromString(string) {
const hash = await crypto.subtle.digest("SHA-256", (new TextEncoder()).encode(string))
return "sha256-" + btoa(String.fromCharCode(...new Uint8Array(hash)))
}
hashFromString(string).then(console.log)编辑:我现在意识到,虽然您的问题中没有说明,但您可能正在使用 Node.js,因此使用浏览器 API 的答案可能用处不大。