// Implementation example
/**
 * Origins a template may be fetched from. Entries are compared against
 * `URL.origin`, so each one is scheme + host (+ port) with no path or slash.
 */
const allowOrigins = new Set<string>([
  'https://templates.example.com',
  'https://cdn.example.com',
])
/**
 * True when `u` parses as an absolute https URL whose origin is in
 * `allowOrigins`. Anything the URL parser rejects (including relative
 * paths) yields false instead of throwing.
 *
 * @param u candidate template URL
 * @returns whether the URL's origin is on the allowlist
 */
function originAllowed(u: string): boolean {
  let parsed: URL
  try {
    parsed = new URL(u)
  } catch {
    return false
  }
  if (parsed.protocol !== 'https:') return false
  return allowOrigins.has(parsed.origin)
}
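/**
 * Parse a single `sha256-<base64>` Subresource Integrity token.
 *
 * Only sha256 is accepted, and the digest must be the padded base64 of a
 * 32-byte digest (43 base64 characters followed by one `=`), which is exactly
 * what `Buffer.toString('base64')` emits for SHA-256 and therefore the only
 * form that can ever equal a computed digest. Other algorithms, option
 * suffixes, unpadded or wrong-length values yield null, so a malformed token
 * is rejected before any network fetch is made.
 *
 * @param integrity the integrity attribute value
 * @returns the algorithm and base64 digest, or null when the token is not acceptable
 */
function parseSri(integrity: string): { alg: 'sha256'; b64: string } | null {
  const m = /^sha256-([A-Za-z0-9+/]{43}=)$/.exec(integrity)
  // `m?.[1]` stays well-typed under noUncheckedIndexedAccess.
  const b64 = m?.[1]
  return b64 === undefined ? null : { alg: 'sha256', b64 }
}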
/**
 * SHA-256 digest of `buf`, returned as padded base64 (the encoding used in
 * `sha256-…` SRI tokens).
 *
 * @param buf bytes to hash
 * @returns 44-character base64 digest
 */
async function sha256Base64(buf: Uint8Array): Promise<string> {
  const raw = await crypto.subtle.digest('SHA-256', buf)
  const digest = new Uint8Array(raw)
  return Buffer.from(digest).toString('base64')
}
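/**
 * GET `u` with caching disabled and return the body decoded as text.
 *
 * @param u URL to fetch; callers are expected to have checked it with originAllowed first
 * @returns the response body as a string
 * @throws Error when the response status is not 2xx, so an error page is never
 *   handed back as if it were the template
 */
async function fetchText(u: string): Promise<string> {
  // NOTE(review): fetch follows redirects by default, so the final response may
  // come from an origin outside allowOrigins; the SRI digest still binds the
  // content, but pass `redirect: 'error'` if the allowlist must also bind the
  // final origin.
  const r = await fetch(u, { cache: 'no-store' })
  if (!r.ok) throw new Error(`fetchText: HTTP ${r.status} for ${u}`)
  // text() decodes as UTF-8 (invalid sequences are replaced, a leading BOM is
  // dropped); when a digest must match the published bytes exactly, hash
  // arrayBuffer() instead of this string.
  return r.text()
}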
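/**
 * Fetch the template at `u` and check it against a `sha256-…` SRI token.
 *
 * Checks run cheapest-first: the origin allowlist and the token format are
 * validated before any network request. The digest is computed over the raw
 * response bytes rather than over `text()` output, so a BOM or invalid UTF-8
 * in the file cannot make the hash drift from the one computed on the
 * published artifact.
 *
 * NOTE(review): this returns only a verdict, not the verified bytes; a caller
 * that re-fetches the template after a `true` result may receive different
 * content on that second fetch. Prefer a variant that returns the verified
 * content so what was checked is what gets used.
 *
 * @param u template URL; must be https and its origin must be in allowOrigins
 * @param integrity expected `sha256-<base64>` token
 * @returns true only when origin, token format, HTTP status and digest all check out
 * @throws propagates fetch's rejection on network failure
 */
async function verifyTemplate(u: string, integrity: string): Promise<boolean> {
  if (!originAllowed(u)) return false
  const sri = parseSri(integrity)
  if (!sri) return false
  const r = await fetch(u, { cache: 'no-store' })
  // A non-2xx body (error page) can never be the template; skip hashing it.
  if (!r.ok) return false
  const body = new Uint8Array(await r.arrayBuffer())
  const calc = await sha256Base64(body)
  return calc === sri.b64
}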
审计与运行治理：审计模板来源与哈希；仅允许白名单来源与匹配哈希的模板。模板更新需审批与版本化管理。
