We have submitted a new application which got rejected due to the Wasp!
This is the reason.
Insecure code was found in config/iparams.html:L10
- Rule ID: html.security.audit.missing-integrity.missing-integrity
- Description: This tag is missing an ‘integrity’ subresource integrity attribute. The ‘integrity’ attribute allows for the browser to verify that externally hosted files (for example from a CDN) are delivered without unexpected manipulation. Without this attribute, if an attacker can modify the externally hosted resource, this could lead to XSS and other types of attacks. To prevent this, include the base64-encoded cryptographic hash of the resource (file) you’re telling the browser to fetch in the ‘integrity’ attribute for all externally hosted files.
- Severity: WARNING
- Confidence: LOW
And I’m using crayons for this.
How do I overcome this?
Thanks in advance.