{"id":20976583,"url":"https://github.com/dethos/inlinehashes","last_synced_at":"2025-05-14T14:31:34.516Z","repository":{"id":42516179,"uuid":"468868274","full_name":"dethos/inlinehashes","owner":"dethos","description":"Hash generator for HTML inline styles and scripts ","archived":false,"fork":false,"pushed_at":"2024-03-20T16:42:53.000Z","size":116,"stargazers_count":6,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-09-21T09:17:04.919Z","etag":null,"topics":["content-security-policy","csp","hacktoberfest","hashing","python"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dethos.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2022-03-11T19:01:00.000Z","updated_at":"2024-05-04T07:38:04.000Z","dependencies_parsed_at":"2023-02-14T12:02:24.566Z","dependency_job_id":"79cf0255-faa6-499b-8593-5c22705e8150","html_url":"https://github.com/dethos/inlinehashes","commit_stats":{"total_commits":25,"total_committers":3,"mean_commits":8.333333333333334,"dds":0.24,"last_synced_commit":"11b6bb3caad49c8fee23b6c35d97e281f55c1697"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dethos%2Finlinehashes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dethos%2Finlinehashes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dethos%2Finlinehashes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposito
ries/dethos%2Finlinehashes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dethos","download_url":"https://codeload.github.com/dethos/inlinehashes/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225297830,"owners_count":17452010,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["content-security-policy","csp","hacktoberfest","hashing","python"],"created_at":"2024-11-19T04:54:37.244Z","updated_at":"2024-11-19T04:54:37.685Z","avatar_url":"https://github.com/dethos.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"Inlinehashes\n============\n\nA small tool and library to generate the hashes of inline content that needs to be whitelisted when serving an HTML document\nwith a `Content-Security-Policy \u003chttps://developer.mozilla.org/en-US/docs/Web/HTTP/CSP\u003e`_ (because, as the name indicates,\nusing ``unsafe-inline`` is not recommended).\n\nYou provide the HTML content (directly or through a file path/URL), then ``inlinehashes`` will parse the document and provide\nyou with a list of elements that need to be explicitly added to the CSP header/tag.\n\nThe tool can be especially useful for scenarios where you use/include external software solutions in your website or application\n(such as a 3rd party CMS, etc), since it will allow you to detect changes after updates and edit your CSP accordingly.\n\n*Quick note: Always verify the content you are whitelisting and be careful when fetching live website data, since any existing\nXSS code will be 
included in the results.*\n\n**At the moment this package is still in a very early stage, so it still doesn't detect all possible items and the current API\nmight change with future releases.**\n\nInline content that is currently detected:\n\n* ``\u003cscript\u003e\u003c/script\u003e`` tags\n* ``\u003cstyle\u003e\u003c/style\u003e`` tags\n* Many event handlers defined in element/tag attributes\n* Styles defined directly in the element/tag using the ``style`` attribute\n\n\nInstallation\n------------\n\nUsing pip you just need to ``pip install inlinehashes``\n\nUsage\n-----\n\nThe package can be used in two different ways, either through the CLI or programmatically in your Python project.\nBelow you can find a quick summary of the available functionality.\n\nCLI app\n.......\n\nThis is the available functionality:\n\n.. code::\n\n  usage: inlinehashes [-h] [-a {sha256,sha384,sha512}] [-o {table,json,plain}] [-t {all,script-src,style-src}] source\n\n  positional arguments:\n    source                URL or local HTML file to check\n\n  options:\n    -h, --help            show this help message and exit\n    -a {sha256,sha384,sha512}, --alg {sha256,sha384,sha512}\n                          Hash algorithm to use (default: sha256)\n    -o {table,json,plain}, --output {table,json,plain}\n                          Format used to write the output (default: table)\n    -t {all,script-src,style-src}, --target {all,script-src,style-src}\n                          Target inline content to look for (default: all)\n\nHere is an example of the output:\n\n.. 
code::\n\n    $inlinehashes https://ovalerio.net -a sha384 -o json\n    [\n      {\n        \"content\": \"\\n      html {\\n        height: 100%;\\n      }\\n      \",\n        \"hash\": \"sha384-Ku20lQH5qbr4EDPzXD2rf25rEHJNswNYRUNMPjYl7jCe0eHJYDe0gFdQpnKkFUTv\",\n        \"directive\": \"style-src\",\n        \"line\": 12,\n        \"position\": 0\n      }\n    ]\n\n\nLibrary\n.......\n\nHere is the same example, but using python's shell:\n\n.. code:: python\n\n    \u003e\u003e\u003e import requests\n    \u003e\u003e\u003e import inlinehashes\n    \u003e\u003e\u003e content = requests.get(\"https://ovalerio.net\").text\n    \u003e\u003e\u003e inlines = inlinehashes.parse(content)\n    \u003e\u003e\u003e inlines\n    [Inline(line='17', position='0')]\n    \u003e\u003e\u003e first = inlines[0]\n    \u003e\u003e\u003e first.short_content\n    '\\n      html {\\n        height: 100%;\\n      }\\n      '\n    \u003e\u003e\u003e first.sha256\n    'sha256-aDiwGOuSD1arNOxmHSp89QLe81yheSUQFjqpWHYCpRY='\n    \u003e\u003e\u003e first.sha384\n    'sha384-Ku20lQH5qbr4EDPzXD2rf25rEHJNswNYRUNMPjYl7jCe0eHJYDe0gFdQpnKkFUTv'\n    \u003e\u003e\u003e first.sha512\n    'sha512-cBO6RNy87Tx3HmpXRZUs/DPxGq9ZOqIZ9cCyDum0kNZeLEWVvW5DtYFRmHcQawnAoWeeRmll4aJeLXTb2OLBlA=='\n    \u003e\u003e\u003e first.content\n    '\\n      html {\\n        height: 100%;\\n      }\\n      body {\\n        background-image: url(\"data:image/png;base64,iVBORw0KGgoAAAANS...'\n\nContributions\n-------------\n\nAll contributions and improvements are welcome.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdethos%2Finlinehashes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdethos%2Finlinehashes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdethos%2Finlinehashes/lists"}