diff --git a/src/UI/Areas/Identity/Pages/_Layout.cshtml b/src/UI/Areas/Identity/Pages/_Layout.cshtml
index 95b763762fe9..a145bd6e13f0 100644
--- a/src/UI/Areas/Identity/Pages/_Layout.cshtml
+++ b/src/UI/Areas/Identity/Pages/_Layout.cshtml
@@ -67,7 +67,7 @@
asp-fallback-src="~/Identity/lib/jquery/dist/jquery.min.js"
asp-fallback-test="window.jQuery"
crossorigin="anonymous"
- integrity="sha384-K+ctZQ+LL8q6tP7I94W+qzQsfRV2a+AfHIi9k8z8l9ggpc8X+Ytst4yBo/hH+8Fk">
+ integrity="sha384-tsQFqpEReu7ZLhBV2VZlAu7zcOV+rXbYlF2cqB8txI/8aZajjp4Bqd+V6D5IgvKT">
diff --git a/test/Identity.Test/CdnScriptTaghelperTests.cs b/test/Identity.Test/CdnScriptTaghelperTests.cs
new file mode 100644
index 000000000000..b9a65a320cb8
--- /dev/null
+++ b/test/Identity.Test/CdnScriptTaghelperTests.cs
@@ -0,0 +1,111 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Collections.Generic;
+using System.IO;
+using System.Net.Http;
+using System.Security.Cryptography;
+using System.Text.RegularExpressions;
+using System.Threading.Tasks;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace Microsoft.AspNetCore.Identity.Test
+{
+ public class CdnScriptTagTests
+ {
+ private readonly ITestOutputHelper _output;
+
+ public CdnScriptTagTests(ITestOutputHelper output)
+ {
+ _output = output;
+ }
+
+ [Fact]
+ public async Task IdentityUI_ScriptTags_SubresourceIntegrityCheck()
+ {
+ var slnDir = GetSolutionDir();
+ var sourceDir = Path.Combine(slnDir, "src", "UI");
+ var cshtmlFiles = Directory.GetFiles(sourceDir, "*.cshtml", SearchOption.AllDirectories);
+
+ var scriptTags = new List();
+ foreach (var cshtmlFile in cshtmlFiles)
+ {
+ scriptTags.AddRange(GetScriptTags(cshtmlFile));
+ }
+
+ Assert.NotEmpty(scriptTags);
+
+ var shasum = new Dictionary(StringComparer.OrdinalIgnoreCase);
+ using (var client = new HttpClient())
+ {
+ foreach (var script in scriptTags)
+ {
+ if (shasum.ContainsKey(script.Src))
+ {
+ continue;
+ }
+
+ using (var resp = await client.GetStreamAsync(script.Src))
+ using (var alg = SHA384.Create())
+ {
+ var hash = alg.ComputeHash(resp);
+ shasum.Add(script.Src, "sha384-" + Convert.ToBase64String(hash));
+ }
+ }
+ }
+
+ Assert.All(scriptTags, t =>
+ {
+ Assert.True(shasum[t.Src] == t.Integrity, userMessage: $"Expected integrity on script tag to be {shasum[t.Src]} but it was {t.Integrity}. {t.FileName}");
+ });
+ }
+
+ private struct ScriptTag
+ {
+ public string Src;
+ public string Integrity;
+ public string FileName;
+ }
+
+ private static readonly Regex _scriptRegex = new Regex(@"]*src=""(?'src'http[^""]+)""[^>]*integrity=""(?'integrity'[^""]+)""([^>]*)>", RegexOptions.Multiline);
+
+ private IEnumerable GetScriptTags(string cshtmlFile)
+ {
+ string contents;
+ using (var reader = new StreamReader(File.OpenRead(cshtmlFile)))
+ {
+ contents = reader.ReadToEnd();
+ }
+
+ var match = _scriptRegex.Match(contents);
+ while (match != null && match != Match.Empty)
+ {
+ var tag = new ScriptTag
+ {
+ Src = match.Groups["src"].Value,
+ Integrity = match.Groups["integrity"].Value,
+ FileName = Path.GetFileName(cshtmlFile)
+ };
+ yield return tag;
+ _output.WriteLine($"Found script tag in '{tag.FileName}', src='{tag.Src}' integrity='{tag.Integrity}'");
+ match = match.NextMatch();
+ }
+ }
+
+ private static string GetSolutionDir()
+ {
+ var dir = new DirectoryInfo(AppContext.BaseDirectory);
+ while (dir != null)
+ {
+ if (File.Exists(Path.Combine(dir.FullName, "Identity.sln")))
+ {
+ break;
+ }
+ dir = dir.Parent;
+ }
+ return dir.FullName;
+ }
+ }
+}
\ No newline at end of file