5

I want to log script hashes to implement content security policy. I have been able to generate the hash in python with the following code:

import hashlib
import base64

string='''
//<![CDATA[
var theForm = document.forms['ctl00'];
if (!theForm) {
    theForm = document.ctl00;
}
function __doPostBack(eventTarget, eventArgument) {
    if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
        theForm.__EVENTTARGET.value = eventTarget;
        theForm.__EVENTARGUMENT.value = eventArgument;
        theForm.submit();
    }
}
//]]>
'''
# encode as UTF-8
string_UTF8 = string.encode('utf-8')

# hash the message
hash_string = hashlib.sha256(string_UTF8).digest()

# base64 encode
result = base64.b64encode(hash_string)

print('sha256-' + result.decode('utf-8'))

How can I do this with Javascript?

Improve this question
2
  • take a look here: stackoverflow.com/questions/37128276/… Commented Oct 7, 2021 at 14:55
  • That looks like it would work, but I specifically want to do this on the fly, in a web browser, for scripts on the loaded page. Commented Oct 7, 2021 at 18:02

2 Answers 2

Reset to default
8 

const string = `
//<![CDATA[
var theForm = document.forms['ctl00'];
if (!theForm) {
    theForm = document.ctl00;
}
function __doPostBack(eventTarget, eventArgument) {
    if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
        theForm.__EVENTTARGET.value = eventTarget;
        theForm.__EVENTARGUMENT.value = eventArgument;
        theForm.submit();
    }
}
//]]>
`

async function hashFromString(string) {
    const hash = await crypto.subtle.digest("SHA-256", (new TextEncoder()).encode(string))
    return "sha256-" + btoa(String.fromCharCode(...new Uint8Array(hash)))
}

hashFromString(string).then(console.log)

Edit: I realize now that while not stated in your question it's likely that you are using Node.js therefor this answer that uses browser APIs may be of less use.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Exactly what I was looking for and no need for JQuery plugins
0

I ended up using this JQuery plugin https://github.com/angeal185/jquery-hash The following code gets the correct answer:

<script>
  var s = "\n//<![CDATA[\nvar theForm = document.forms['ctl00'];\nif (!theForm) {\n    theForm = document.ctl00;\n}\nfunction __doPostBack(eventTarget, eventArgument) {\n    if (!theForm.onsubmit || (theForm.onsubmit() != false)) {\n        theForm.__EVENTTARGET.value = eventTarget;\n        theForm.__EVENTARGUMENT.value = eventArgument;\n        theForm.submit();\n    }\n}\n//]]>\n"
  $.hash(s, '256', 'base64',function(i){
  console.log(i)
  });
</script>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.