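// Implementation example

/** Origins a template may be loaded from. Only the exact origin (scheme + host + port) is compared. */
const allowOrigins = new Set<string>([
  'https://templates.example.com',
  'https://cdn.example.com',
]);

/**
 * Checks that `u` parses as a URL, uses https, and its origin is in `allowOrigins`.
 *
 * @param u - candidate template URL
 * @returns true only for an https URL on an allow-listed origin; unparsable input yields false
 */
function originAllowed(u: string): boolean {
  try {
    const parsed = new URL(u);
    return parsed.protocol === 'https:' && allowOrigins.has(parsed.origin);
  } catch {
    return false;
  }
}

/**
 * Parses a Subresource-Integrity style `sha256-<base64>` string.
 *
 * The base64 encoding of a 32-byte SHA-256 digest is exactly 43 characters followed by
 * one `=` pad, so anything of another length is rejected up front instead of being
 * carried along to a comparison that can never succeed.
 *
 * @param integrity - the integrity attribute value
 * @returns the parsed digest, or null if the value is not a well-formed sha256 entry
 */
function parseSri(integrity: string): { alg: 'sha256'; b64: string } | null {
  const m = /^sha256-([A-Za-z0-9+/]{43}=)$/.exec(integrity);
  const b64 = m?.[1];
  return b64 ? { alg: 'sha256', b64 } : null;
}

/**
 * Computes SHA-256 over the given bytes and returns it base64-encoded (the SRI form).
 *
 * @param buf - raw bytes to hash
 */
async function sha256Base64(buf: Uint8Array): Promise<string> {
  const digest = await crypto.subtle.digest('SHA-256', buf);
  return Buffer.from(digest).toString('base64');
}

/**
 * Fetches `u` and returns the raw response body.
 *
 * `redirect: 'error'` makes the request fail instead of silently following a redirect,
 * so the origin check performed by the caller cannot be undone by a 3xx that points
 * off the allow-list. A non-2xx status is an error rather than content to be hashed.
 *
 * @param u - URL to fetch (the caller is responsible for the origin check)
 * @throws Error on a redirect, a network failure, or a non-OK status
 */
async function fetchBytes(u: string): Promise<Uint8Array> {
  const r = await fetch(u, { cache: 'no-store', redirect: 'error' });
  if (!r.ok) throw new Error(`template fetch failed: ${r.status} ${u}`);
  return new Uint8Array(await r.arrayBuffer());
}

/**
 * Fetches `u` and decodes the body as UTF-8 text. Same redirect/status rules as `fetchBytes`.
 *
 * @param u - URL to fetch
 * @throws Error on a redirect, a network failure, or a non-OK status
 */
async function fetchText(u: string): Promise<string> {
  return new TextDecoder().decode(await fetchBytes(u));
}

/**
 * Fetches a template and returns its bytes only if the origin is allow-listed and the
 * SHA-256 of the exact bytes received matches `integrity`.
 *
 * The digest is taken over the raw body, not over a decoded-then-re-encoded string, so a
 * BOM or an invalid UTF-8 sequence cannot make the computed value diverge from the hash
 * published for the file. Returning the verified bytes lets the caller use what was
 * checked rather than fetching the resource a second time.
 *
 * @param u - template URL
 * @param integrity - expected `sha256-<base64>` digest
 * @returns the verified template bytes, or null when the origin, the digest format, or the hash does not match
 * @throws Error if the fetch itself fails (see `fetchBytes`)
 */
async function fetchVerifiedTemplate(u: string, integrity: string): Promise<Uint8Array | null> {
  if (!originAllowed(u)) return null;
  const sri = parseSri(integrity);
  if (!sri) return null;
  const bytes = await fetchBytes(u);
  const calc = await sha256Base64(bytes);
  return calc === sri.b64 ? bytes : null;
}

/**
 * Boolean form of `fetchVerifiedTemplate`. Prefer `fetchVerifiedTemplate` when the
 * content is needed, so the bytes that were verified are the bytes that get used.
 *
 * @param u - template URL
 * @param integrity - expected `sha256-<base64>` digest
 * @returns true only when origin, digest format and hash all check out
 * @throws Error if the fetch itself fails (see `fetchBytes`)
 */
async function verifyTemplate(u: string, integrity: string): Promise<boolean> {
  return (await fetchVerifiedTemplate(u, integrity)) !== null;
}

// Audit and runtime governance
// Audit template sources and hashes; allow only templates from allow-listed origins whose
// hash matches. Template updates require approval and versioned management.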
