I have a test page on local on 9180 port, which is loading JS from another port to simulate different domain.
<html>
<head>
<script src="http://localhost:8080/myscript.js" integrity="jRIKARJybgWRWqQslhFC5boBExY7MBLvUpMWYpuXuL1sDqCCp2Gd"></script>
</head>
<body>
Testing SRI
</body>
myscript.js
alert('Hello');
On running this on browser, I see error on console, but alert is still fired
Error parsing 'integrity' attribute ('jRIKARJybgWRWqQslhFC5boBExY7MBLvUpMWYpuXuL1sDqCCp2Gd'). The hash algorithm must be one of 'sha256', 'sha384', or 'sha512', followed by a '-' character.
Am I missing something? Or its due to local that browser is allowing script to be executed.
Since (as the error message says) the integrity attribute value itself is invalid, the browser isn't enforcing it.