How to create Base64 encode SHA256 string in Javascript?
Question:
I want to log script hashes to implement content security policy. I have been able to generate the hash in python with the following code:
import hashlib
import base64
string='''
//<![CDATA[
var theForm = document.forms['ctl00'];
if (!theForm) {
theForm = document.ctl00;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
'''
# encode as UTF-8
string_UTF8 = string.encode('utf-8')
# hash the message
hash_string = hashlib.sha256(string_UTF8).digest()
# base64 encode
result = base64.b64encode(hash_string)
print('sha256-' + result.decode('utf-8'))
How can I do this with Javascript?
Answers:
I ended up using this JQuery plugin https://github.com/angeal185/jquery-hash
The following code gets the correct answer:
<script>
var s = "n//<![CDATA[nvar theForm = document.forms['ctl00'];nif (!theForm) {n theForm = document.ctl00;n}nfunction __doPostBack(eventTarget, eventArgument) {n if (!theForm.onsubmit || (theForm.onsubmit() != false)) {n theForm.__EVENTTARGET.value = eventTarget;n theForm.__EVENTARGUMENT.value = eventArgument;n theForm.submit();n }n}n//]]>n"
$.hash(s, '256', 'base64',function(i){
console.log(i)
});
</script>
const string = `
//<![CDATA[
var theForm = document.forms['ctl00'];
if (!theForm) {
theForm = document.ctl00;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
`
async function hashFromString(string) {
const hash = await crypto.subtle.digest("SHA-256", (new TextEncoder()).encode(string))
return "sha256-" + btoa(String.fromCharCode(...new Uint8Array(hash)))
}
hashFromString(string).then(console.log)
Edit: I realize now that while not stated in your question it’s likely that you are using Node.js therefor this answer that uses browser APIs may be of less use.
const string = `
//<![CDATA[
var theForm = document.forms['ctl00'];
if (!theForm) {
theForm = document.ctl00;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
`
async function hashFromString(string) {
const hash = await crypto.subtle.digest("SHA-256", (new TextEncoder()).encode(string))
return "sha256-" + btoa(String.fromCharCode(...new Uint8Array(hash)))
}
hashFromString(string).then(console.log)
I want to log script hashes to implement content security policy. I have been able to generate the hash in python with the following code:
import hashlib
import base64
string='''
//<![CDATA[
var theForm = document.forms['ctl00'];
if (!theForm) {
theForm = document.ctl00;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
'''
# encode as UTF-8
string_UTF8 = string.encode('utf-8')
# hash the message
hash_string = hashlib.sha256(string_UTF8).digest()
# base64 encode
result = base64.b64encode(hash_string)
print('sha256-' + result.decode('utf-8'))
How can I do this with Javascript?
I ended up using this JQuery plugin https://github.com/angeal185/jquery-hash
The following code gets the correct answer:
<script>
var s = "n//<![CDATA[nvar theForm = document.forms['ctl00'];nif (!theForm) {n theForm = document.ctl00;n}nfunction __doPostBack(eventTarget, eventArgument) {n if (!theForm.onsubmit || (theForm.onsubmit() != false)) {n theForm.__EVENTTARGET.value = eventTarget;n theForm.__EVENTARGUMENT.value = eventArgument;n theForm.submit();n }n}n//]]>n"
$.hash(s, '256', 'base64',function(i){
console.log(i)
});
</script>
const string = `
//<![CDATA[
var theForm = document.forms['ctl00'];
if (!theForm) {
theForm = document.ctl00;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
`
async function hashFromString(string) {
const hash = await crypto.subtle.digest("SHA-256", (new TextEncoder()).encode(string))
return "sha256-" + btoa(String.fromCharCode(...new Uint8Array(hash)))
}
hashFromString(string).then(console.log)
Edit: I realize now that while not stated in your question it’s likely that you are using Node.js therefor this answer that uses browser APIs may be of less use.
const string = `
//<![CDATA[
var theForm = document.forms['ctl00'];
if (!theForm) {
theForm = document.ctl00;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
//]]>
`
async function hashFromString(string) {
const hash = await crypto.subtle.digest("SHA-256", (new TextEncoder()).encode(string))
return "sha256-" + btoa(String.fromCharCode(...new Uint8Array(hash)))
}
hashFromString(string).then(console.log)