Bear with me, I may have asked this question in a botched way.
So I need some JavaScript code that creates a signature of JavaScript that is stored in a string.
Here is an example:
presignature = "<script>alert("test")</script>;
I need this JavaScript code that is stored in presignature to be made into signature. I was thinking I could just keep on replacing the string with common uses of javascript (like changing "alert" to "a").
Any clues or tips?
Not a signature, however a Content Security Policy allows you to whitelist JavaScript for execution in your page by including a SHA-256, SHA-384 or SHA-512 hash.
e.g. to allow <script>alert('Hello, world.');</script> you would include the following HTTP response header:
Content-Security-Policy: script-src 'sha256-sha256-qznLcsROx4GACP2dm0UCKCzCG-HiZ1guq6ZZDob_Tng='
Anything not matching would not be executed by supported browsers.
You can also use this to find out the expected hash of a script in development by opening development tools in Chrome and examining error messages on any mismatch.
It depends what you're trying to acheive - would a hash value be enough, or do you actually require a signature?
A snippit of javascript is a string, so it can be passed to a crypto library to get signed just like any other string.
Try googling "javascript crypto library" and see if you like any of the libraries that come up. Any crypto library will have signature functionality.
