Idea Summary

Our applications are outgrown the intranet-stage and become a source for pentesters, ethical hackers and alike.

Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match. Why not applying integrity tags to e.g. jquery libraries when fetching them from a CDN.

Use Case
Using CDNs comes with a risk, in that if an attacker gains control of a CDN, the attacker can inject arbitrary malicious content into files on the CDN (or replace the files completely) and thus can also potentially attack all sites that fetch files from that CDN.

Preferred Solution (Optional)
https://www.w3.org/TR/SRI/

When a developer selects a CDN (e.g. Google), the script tags that are rendered should include the integrety attributes. You could also make the a choice for the developer.