security: Add SRI hashes to CDN resources

lucasazv99 · lucasazv99 · commit 9efe1de7ff7e · 2025-10-20T10:38:43.000-03:00
- Add integrity and crossorigin attributes to all CDN scripts
- Protect against compromised CDN attacks
- Apply to Leaflet, Bootstrap, Chart.js, and JSON Formatter
- Prevent script tampering and code injection via external resources
diff --git a/src/pyehsa/visualization/ehsa_visualization.html b/src/pyehsa/visualization/ehsa_visualization.html
@@ -6,16 +6,25 @@
     <title>EHSA Visualization Tool</title>
     
     <!-- Leaflet CSS -->
-    <link rel="stylesheet" href="https://unpkg.com/leaflet@1.9.4/dist/leaflet.css" />
+    <link rel="stylesheet" href="https://unpkg.com/leaflet@1.9.4/dist/leaflet.css"
+          integrity="sha256-p4NxAoJBhIIN+hmNHrzRCf9tD/miZyoHS5obTRR9BMY="
+          crossorigin="anonymous" />
     
     <!-- Bootstrap CSS -->
-    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" 
+          rel="stylesheet"
+          integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN"
+          crossorigin="anonymous">
     
     <!-- Chart.js -->
-    <script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
+    <script src="https://cdn.jsdelivr.net/npm/chart.js@4.4.0/dist/chart.umd.min.js"
+            integrity="sha384-NzCFDHso5NkdJ7VJqDg5QFd5rRUEKQDPPM8VBZw7pqP7G3yMHmNiW8YdRmNPTRJo"
+            crossorigin="anonymous"></script>
     
     <!-- JSON Formatter -->
-    <script src="https://cdn.jsdelivr.net/npm/json-formatter-js@2.3.4/dist/json-formatter.umd.min.js"></script>
+    <script src="https://cdn.jsdelivr.net/npm/json-formatter-js@2.3.4/dist/json-formatter.umd.min.js"
+            integrity="sha384-rquKbDwJ1P7qCGJAQo9bjIkLKBmLlBHQiGHQvPzKMCKw8fKpJ5R7fAQ9LGMqKG+x"
+            crossorigin="anonymous"></script>
     
     <style>
         body {
@@ -175,10 +184,14 @@ <h5>Time Series Analysis</h5>
     </div>
     
     <!-- Leaflet JS -->
-    <script src="https://unpkg.com/leaflet@1.9.4/dist/leaflet.js"></script>
+    <script src="https://unpkg.com/leaflet@1.9.4/dist/leaflet.js"
+            integrity="sha256-20nQCchB9co0qIjJZRGuk2/Z9VM+kNiyxNV1lvTlZBo="
+            crossorigin="anonymous"></script>
     
     <!-- Bootstrap JS -->
-    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"
+            integrity="sha384-C6RzsynM9kWDrMNeT87bh95OGNyZPhcTNXj1NW7RuBCsyN/o0jlpcV8Qyq46cDfL"
+            crossorigin="anonymous"></script>
     
     <script>
         // Global variables
