Approved
Last Updated: 26 Jun 2019 09:25 by ADMIN

There is a bug with combining scripts and resources:

Combined CDN Request for Telerik Controls

You can reproduce the issue in the attached web site sample.

Approved
Last Updated: 07 Oct 2019 18:35 by John
ADMIN
Created by: Rumen
Comments: 3
Category: ScriptManager
Type: Feature Request
3
Subresource Integrity is a fairly new security scheme for protecting against malicious script obtained from third-party source (CDNs). It requires that the script tag include a hash of the script content so the browser can verify that it has not been altered.

Telerik controls generate a bunch of script tags for cloudfront.net. It would be swell if the script tags would include the extra attributes necessary to implement subresource integrity. Is this in the roadmap? 

Mozilla provides a security analysis tool which highlights this issue. Look at the results for telerik.com here -> https://observatory.mozilla.org/analyze/www.telerik.com. 

More info available on 
https://infosec.mozilla.org/guidelines/web_security#subresource-integrity
https://www.w3.org/TR/SRI/