Page MenuHomeSealhub

Stimulus controller to attach custom signed inline code
Open, NormalPublic3 Points

Description

Create a Stimulus controller that allows attaching custom code like so:

<div data-controller="signed-inline" signed-onclick="/* SIGNATURE=SHA-256:68b329da9893e34099c7d8ad5cb9c940 */ alert('hello')">
</div>

The signature is generated server-side with RSA/SHA-256. The stimulus controller should first validate the code, and if it's properly signed, attach the event handler (onclick in this example case) with the code wrapped in eval.

Checking the signature requires knowledge of the public key used for signing. The key should be expected to be available as base64 in a global variable SIGNED_INLINE_PUBLIC_KEY

Also create a function to be used server-side that takes code to sign and the private key and properly creates a string with the signed code

Event Timeline

kuba-orlik updated the task description. (Show Details)
kuba-orlik changed the point value for this task from 2 to 3.