I want to log script hashes to implement content security policy. I have been able to generate the hash in python with the following code:
import hashlib
import base64
string='''
//<![CDATA[
var theForm = document.forms['ctl00'];
if (!theForm) {
theForm = document.ctl00;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
'''
# encode as UTF-8
string_UTF8 = string.encode('utf-8')
# hash the message
hash_string = hashlib.sha256(string_UTF8).digest()
# base64 encode
result = base64.b64encode(hash_string)
print('sha256-' + result.decode('utf-8'))
How can I do this with Javascript?
I want to log script hashes to implement content security policy. I have been able to generate the hash in python with the following code:
import hashlib
import base64
string='''
//<![CDATA[
var theForm = document.forms['ctl00'];
if (!theForm) {
theForm = document.ctl00;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
'''
# encode as UTF-8
string_UTF8 = string.encode('utf-8')
# hash the message
hash_string = hashlib.sha256(string_UTF8).digest()
# base64 encode
result = base64.b64encode(hash_string)
print('sha256-' + result.decode('utf-8'))
How can I do this with Javascript?
Share Improve this question edited Oct 7, 2021 at 18:58 cmdln asked Oct 7, 2021 at 14:50 cmdlncmdln 972 silver badges9 bronze badges 2- take a look here: stackoverflow./questions/37128276/… – Binzari Catalin Commented Oct 7, 2021 at 14:55
- That looks like it would work, but I specifically want to do this on the fly, in a web browser, for scripts on the loaded page. – cmdln Commented Oct 7, 2021 at 18:02
2 Answers
Reset to default 8
const string = `
//<![CDATA[
var theForm = document.forms['ctl00'];
if (!theForm) {
theForm = document.ctl00;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
`
async function hashFromString(string) {
const hash = await crypto.subtle.digest("SHA-256", (new TextEncoder()).encode(string))
return "sha256-" + btoa(String.fromCharCode(...new Uint8Array(hash)))
}
hashFromString(string).then(console.log)Edit: I realize now that while not stated in your question it's likely that you are using Node.js therefor this answer that uses browser APIs may be of less use.
I ended up using this JQuery plugin https://github./angeal185/jquery-hash The following code gets the correct answer:
<script>
var s = "\n//<![CDATA[\nvar theForm = document.forms['ctl00'];\nif (!theForm) {\n theForm = document.ctl00;\n}\nfunction __doPostBack(eventTarget, eventArgument) {\n if (!theForm.onsubmit || (theForm.onsubmit() != false)) {\n theForm.__EVENTTARGET.value = eventTarget;\n theForm.__EVENTARGUMENT.value = eventArgument;\n theForm.submit();\n }\n}\n//]]>\n"
$.hash(s, '256', 'base64',function(i){
console.log(i)
});
</script>