{{ $resource := . | fingerprint -}}
{{ $integrity := $resource.Data.Integrity -}}
{{- $sri := string ($integrity | htmlUnescape | safeHTML) -}}
{{- $shasum := strings.TrimPrefix "sha256-" $sri -}}
The above discussion stated that --minify
is the only way that is providing a much stable outcome and both pipelined functions and minify paths are showing inconsistencies.
Another weird pattern is that when the same algorithm is deployed across all the <script>
tags, they are all presenting some weird values.
This is correct. All output must be HTMLEscape for safety reason. In that case, is --minify
providing an unsafe HTML SRI value?
Note that this ticket is marked to be closed within 2 days due to system.
@razon, 我制造不出您的成果(如图)。但我需要上Sha512才能出产HTMLEscape的符号。这是运用您的代码。
为有的差别就是我在Linux和运用hugo v0.111.2-4164f8fef9d71f50ef3962897e319ab6219a1dad
。有差错吗?
Translation to English:
I cannot re-produce your reported error as stated (Please refer to screenshots). Moreover, I have to upgrade to SHA-512
in order to produce those HTML escapable symbols. I’m only using your provided codes.
The only differences are: I’m using Linux
and hugo v0.111.2-4164f8fef9d71f50ef3962897e319ab6219a1dad
. What are the differences on your side?
这是view-source
(查看代码), 不是Chrome的Inspector (f12 控制台)。目前您的代码证明不需要任何Partial功能可以直接处理SRI。
Translate to English:
This is view-source
(for checking source code), not the Chrome’s F12 Inspector Console. At the moment, your source codes only proven there is no need for other partial processing functions and can render the SRI directly.
hollowaykeanho:
2023-07-22-13-03-361569×351 57.3 KB
这个是要显示目前所有的JS可以运用。
Translate to English:
This is to show all the JS are working.
我试过了,即使 SHA512 也一样的,按理说,后面那串是 base64-encoded 字符串,应该不需要转义。
或者你看看配置是否开启了 minify,又或者试试我的版本:
$ hugo version
hugo v0.115.4-dc9524521270f81d1c038ebbb200f0cfa3427cc5+extended linux/amd64 BuildDate=2023-07-20T06:49:57Z VendorInfo=gohugoio
我试过了,即使 SHA512 也一样的,按理说,后面那串是 base64-encoded 字符串,应该不需要转义。
或者你看看配置是否开启了 minify,又或者试试我的版本:
$ hugo version
hugo v0.115.4-dc9524521270f81d1c038ebbb200f0cfa3427cc5+extended linux/amd64 BuildDate=2023-07-20T06:49:57Z VendorInfo=gohugoio
Translate request to English:
I tried; even with SHA512, the base64-encoded should require HTML Escape.
Or you can try minify
and my hugo version.
两者都一样。看来您哪里要忙了。XD
hugo server --noBuildLock \
--disableFastRender \
--port 8080 \
--renderToDisk \
起动命令有分别吗?
没有minify:
有Minify:
(Translate to English)
Both are the same, looks like you might need to get busy. (First picture without minify).
hugo server --noBuildLock \
--disableFastRender \
--port 8080 \
--renderToDisk \
Any differences with the server command?
Sorry on my part. When I attempting to root cause the problem and clarify with both of you, apparently, I couldn’t reproduce the issue they are having.
It seems that the inconsistency issue is not related to SRI rendering but something else. We’re working on root causing the problem.
So far, I can use the SRI directly without needing any additional functions be it page rendering or actual value insertion. OP somehow got his/her generated SRI that is always HTML Escaped from the start which is undesirable.
Yeap. I have moved up to OP’s Hugo version and used his/her --minify
workaround. The inconsistencies are still there (I don’t produce the HTML Escaped one; OP keep producing HTML Escaped version). Both of us are using the same Hugo version and test codes for now:
$ hugo version
hugo v0.115.4-dc9524521270f81d1c038ebbb200f0cfa3427cc5+extended linux/amd64 BuildDate=2023-07-20T06:49:57Z VendorInfo=gohugoio
UPDATE (from below):
Same server command as well.