In my AJAX web applications I am using RadScriptManager. However, it seems that the "integrity" directive is not supported by RadScriptReference.
E.g.:
<telerik:RadScriptManager ID="RadScriptManager1" runat="server">
<Scripts>
<telerik:RadScriptReference Path="https://code.jquery.com/jquery-3.7.1.js" integrity="sha384-NdBrHQkGhjPzZhn" crossorigin="anonymous" />
<telerik:RadScriptReference Path="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous" />
</Scripts>
</telerik:RadScriptManager>
Hi Roger,
Thank you for your feature request.
After thorough evaluation, we must decline this request as implementing SRI (integrity and crossorigin attributes) support in RadScriptReference is not technically feasible due to limitations in the Microsoft ASP.NET WebForms framework.
Why this cannot be implemented:
The RadScriptReference class inherits from Microsoft's System.Web.UI.ScriptReference, which does not expose integrity or crossorigin properties. Since the base ASP.NET ScriptManager doesn't support SRI attributes, RadScriptManager cannot add this functionality without framework-level changes from Microsoft.
As Microsoft has stated in their IIS Support Blog, WebForms is considered complete with no new features being added, so these properties will not be added to the base framework.
Workarounds:
- For external libraries (jQuery, etc.): Register scripts manually in your Master Page using standard
<script>tags with integrity attributes:<script src="https://code.jquery.com/jquery-3.7.1.min.js" integrity="sha384-..." crossorigin="anonymous"></script> - For Telerik resources: Set up a Custom Local CDN to host Telerik scripts locally, reducing reliance on external CDNs. Note: This does not add SRI attributes but eliminates the external dependency.
- Download external resources locally and serve them from your application
We understand this is not the answer you were hoping for, but we believe it's important to provide clarity on the technical constraints involved.
Regards,
Rumen
Progress Telerik
- All
- Completed (3234)
- Declined (915)
- Duplicated (31)
- In Development (1)
- Pending Review (1)
- Under Review (1)
- Unplanned (966)
- Won't Fix (312)
- All
- UI for ASP.NET AJAX
- AIPrompt
- Ajax
- AjaxLoadingPanel
- AjaxPanel
- AsyncUpload
- AutoCompleteBox
- Avatar
- Badge
- Barcode
- BinaryImage
- Breadcrumb
- Button
- Calendar
- Captcha
- Card
- Chat
- CheckBox
- Chip
- ChipList
- ClientDataSource
- ClientExportManager
- CloudUpload
- ColorPicker
- ComboBox
- Compression
- DataForm
- DataPager
- DateInput
- DatePicker
- DateRangePicker
- DateTimePicker
- DeviceDetectionFramework
- Diagram
- Dock
- DragDropManager
- Drawer
- DropDownList
- DropDownTree
- Editor
- FileExplorer
- Filter
- FloatingActionButton
- FormDecorator
- Gantt
- Gauge
- Grid
- HtmlChart
- ImageButton
- ImageEditor
- ImageGallery
- Input
- InputManager
- Installer and VS Extensions
- Label
- Licensing
- LightBox
- LinkButton
- ListBox
- ListView
- Map
- MaskedTextBox
- MediaPlayer
- Menu
- MonthYearPicker
- MultiColumnComboBox
- MultiSelect
- Navigation
- Notification
- NuGet feed
- NumericTextBox
- ODataDataSource
- OrgChart
- OTPInput
- PageLayout
- PanelBar
- PdfViewer
- PersistenceFramework
- PivotGrid
- ProgressArea
- ProgressBar
- PushButton
- Rating
- RibbonBar
- Rotator
- Scheduler
- ScriptManager
- SearchBox
- Signature
- SiteMap
- SkinManager
- Slider
- SocialShare
- SpeechToTextButton
- Spell
- SplitButton
- Splitter
- Spreadsheet
- Stepper
- StyleSheetManager
- Switch
- TabStrip
- TagCloud
- Theme Builder
- Ticker
- TileList
- TimeLine
- TimePicker
- ToggleButton
- ToolBar
- ToolTip
- TreeList
- TreeMap
- TreeView
- Visual Style Builder
- Window
- Wizard
- XmlHttpPanel