## Server Use The minification should either follow a set standard so that browsers eventually have the chance to comply, or a javascript file should be included that allows the browser to verify the hash and signature programmitically. This project is attempting to make such resources available. ``` html ``` ### Step 1 Remove textContent ``` html ``` ### Step 2 Remove Variables ``` html ``` Because we are including CSS and Javascript content as part of the hash, with the exception of variables, we can also take out the id and classes. ### Step 3 Remove Empty CSS Tags, ids, classes ``` html ``` ### Step 4 Pass through html-minifier ``` html ``` ### Step 5 InnerHTML is extracted from the parent component. Building the template on the server side: ``` javascript let elems = document.querySelector(".HashTML") for(elem in elems){ let inner = elem.innerHTML let hash = inner.hash("sha256") let signature = privateKey.sign(hash) elem[integrity=hash] elem[signature=signature] } ``` The resulting html component: ``` html ``` Verifying the hash and signature on client side could either produce an alert on failing to load, silently fail to load the resource, or could provide a fallback: ``` javascript let elem = document.querySelector("#HashTML") let inner = minify(elem.innerHTML) let hash = inner.hash("sha256") if(hash !== elem[integrity]){ alert('webpage has been compromised!') } let verified = verify(hash, signature) if(verified !== true){ alert('webpage has been compromised!') } ```