From c31f3d251b08da924fa8b75033ec57fe307537d4 Mon Sep 17 00:00:00 2001
From: Nicolas F <ovdev@fratti.ch>
Date: Fri, 19 May 2017 08:43:49 +0200
Subject: [PATCH] Use cdnjs with SRI and HTTPS for all CDN JS files

SRI means that there's a lesser risk for XSS, and CDNJS itself
recommends always requesting them over HTTPS in their "About" page.

This closes #133
---
 nyaa/templates/layout.html | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/nyaa/templates/layout.html b/nyaa/templates/layout.html
index 2965049..b2cbedc 100644
--- a/nyaa/templates/layout.html
+++ b/nyaa/templates/layout.html
@@ -30,9 +30,9 @@
 		<link href="/static/css/main.css" rel="stylesheet">
 
 		<!-- Core JavaScript -->
-		<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
-		<script src="//maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
-		<script src="//cdnjs.cloudflare.com/ajax/libs/commonmark/0.27.0/commonmark.min.js"></script>
+		<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4=" crossorigin="anonymous"></script>
+		<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha256-U5ZEeKfGNOja007MMD3YBI0A3OSZOQbeG6z2f2Y0hu8=" crossorigin="anonymous"></script>
+		<script src="https://cdnjs.cloudflare.com/ajax/libs/commonmark/0.27.0/commonmark.min.js" integrity="sha256-10JreQhQG80GtKuzsioj0K46DlaB/CK/EG+NuG0q97E=" crossorigin="anonymous"></script>
 		<!-- Modified to not apply border-radius to selectpickers and stuff so our navbar looks cool -->
 		<script src="/static/js/bootstrap-select.js"></script>
 		<script src="/static/js/main.js"></script>