diff --git a/src/UI/Areas/Identity/Pages/_Layout.cshtml b/src/UI/Areas/Identity/Pages/_Layout.cshtml
index 95b76376..a145bd6e 100644
--- a/src/UI/Areas/Identity/Pages/_Layout.cshtml
+++ b/src/UI/Areas/Identity/Pages/_Layout.cshtml
@@ -67,7 +67,7 @@
asp-fallback-src="~/Identity/lib/jquery/dist/jquery.min.js"
asp-fallback-test="window.jQuery"
crossorigin="anonymous"
- integrity="sha384-K+ctZQ+LL8q6tP7I94W+qzQsfRV2a+AfHIi9k8z8l9ggpc8X+Ytst4yBo/hH+8Fk">
+ integrity="sha384-tsQFqpEReu7ZLhBV2VZlAu7zcOV+rXbYlF2cqB8txI/8aZajjp4Bqd+V6D5IgvKT">
diff --git a/test/Identity.Test/CdnScriptTaghelperTests.cs b/test/Identity.Test/CdnScriptTaghelperTests.cs
new file mode 100644
index 00000000..b9a65a32
--- /dev/null
+++ b/test/Identity.Test/CdnScriptTaghelperTests.cs
@@ -0,0 +1,111 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Net.Http;
+using System.Security.Cryptography;
+using System.Text.RegularExpressions;
+using System.Threading.Tasks;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace Microsoft.AspNetCore.Identity.Test
+{
+ public class CdnScriptTagTests
+ {
+ private readonly ITestOutputHelper _output;
+
+ public CdnScriptTagTests(ITestOutputHelper output)
+ {
+ _output = output;
+ }
+
+ [Fact]
+ public async Task IdentityUI_ScriptTags_SubresourceIntegrityCheck()
+ {
+ var slnDir = GetSolutionDir();
+ var sourceDir = Path.Combine(slnDir, "src", "UI");
+ var cshtmlFiles = Directory.GetFiles(sourceDir, "*.cshtml", SearchOption.AllDirectories);
+
+ var scriptTags = new List();
+ foreach (var cshtmlFile in cshtmlFiles)
+ {
+ scriptTags.AddRange(GetScriptTags(cshtmlFile));
+ }
+
+ Assert.NotEmpty(scriptTags);
+
+ var shasum = new Dictionary(StringComparer.OrdinalIgnoreCase);
+ using (var client = new HttpClient())
+ {
+ foreach (var script in scriptTags)
+ {
+ if (shasum.ContainsKey(script.Src))
+ {
+ continue;
+ }
+
+ using (var resp = await client.GetStreamAsync(script.Src))
+ using (var alg = SHA384.Create())
+ {
+ var hash = alg.ComputeHash(resp);
+ shasum.Add(script.Src, "sha384-" + Convert.ToBase64String(hash));
+ }
+ }
+ }
+
+ Assert.All(scriptTags, t =>
+ {
+ Assert.True(shasum[t.Src] == t.Integrity, userMessage: $"Expected integrity on script tag to be {shasum[t.Src]} but it was {t.Integrity}. {t.FileName}");
+ });
+ }
+
+ private struct ScriptTag
+ {
+ public string Src;
+ public string Integrity;
+ public string FileName;
+ }
+
+ private static readonly Regex _scriptRegex = new Regex(@"