Protecting Your Customers By Using Subresource Integrity


3rd October, 2018

In June 2018, customers of Ticketmaster had their details compromised because of a third-party library used to power their chatbot AI. Ticketmaster themselves were not targeted, but the library provided by was.

Because the library was included on every page, it was able to "see" what was being inputted into the Ticketmaster website.

This kind of attack could have been easily prevented by checking the integrity of the third-party library using Subresource Integrity (SRI). In short, SRI allows you to specify the expected hash of the library. If you load a library and specify its hash as "abc123", it loads normally as long as the file still hashes to that value. But if the script is changed (a single-character change is enough to change the hash), the script will fail to load because its hash no longer matches the expected value.
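The check described above, modelled in Node.js as an added example (not code from the original post): it generates the integrity value for a script tag and applies the same matching rule a browser uses. The URL, the script contents and the function names are constructed for illustration.

```javascript
// Added example: models the SRI check a browser performs for a <script> tag.
const { createHash } = require("crypto");

// Hash algorithms SRI defines, ranked weakest to strongest.
const STRENGTH = new Map([["sha256", 1], ["sha384", 2], ["sha512", 3]]);

// Build an integrity value such as "sha384-<base64 digest>" for file contents.
function sriHash(content, algo = "sha384") {
  return `${algo}-${createHash(algo).update(content).digest("base64")}`;
}

// Parse an integrity attribute: whitespace-separated "algo-digest[?options]".
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).filter(Boolean).map((token) => {
    const [expr] = token.split("?");
    const dash = expr.indexOf("-");
    return { algo: expr.slice(0, dash), digest: expr.slice(dash + 1) };
  }).filter((m) => STRENGTH.has(m.algo)); // unsupported algorithms are ignored
}

// Return true if the browser would run the script, false if it would block it.
function wouldLoad(content, integrityAttr) {
  const metadata = parseIntegrity(integrityAttr);
  if (metadata.length === 0) return true; // no usable metadata: nothing is enforced
  const best = Math.max(...metadata.map((m) => STRENGTH.get(m.algo)));
  // Only the strongest algorithm present is compared; any matching digest passes.
  return metadata
    .filter((m) => STRENGTH.get(m.algo) === best)
    .some((m) => sriHash(content, m.algo) === `${m.algo}-${m.digest}`);
}

// Emit the tag to put in the page; crossorigin is required for cross-origin files.
function scriptTag(url, content) {
  return `<script src="${url}" integrity="${sriHash(content)}" crossorigin="anonymous"></script>`;
}

// Constructed sample: the script as reviewed, and a copy with one character changed.
const reviewed = "function chat(){ return 'hello'; }";
const tampered = "function chat(){ return 'hellp'; }";
const tag = scriptTag("https://cdn.example/chatbot.js", reviewed);
const pinned = tag.match(/integrity="([^"]+)"/)[1];

console.log(tag);
console.log("reviewed copy loads:", wouldLoad(reviewed, pinned));
console.log("tampered copy loads:", wouldLoad(tampered, pinned));
```

An integrity attribute that lists only unsupported algorithms is treated as if it were absent, so the value should always include at least one of sha256, sha384 or sha512.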

