Script Checks PCI DSS


Nexudus checks the integrity of the following scripts to comply with PCI DSS 4.0.

Nexudus script checks

We check the following scripts provided by Nexudus.

app.js

Allows clients to customize the functionality of their Member Portal. SRI is not possible on this inline script, which location administrators can edit.

Portal scripts

Covers all scripts that have a source starting with "/v4_portal". These are in-built scripts for the Member Portal which provide functionality to the app. SRI is not required as they are all in-built within the app.

NextJS scripts

Covers all scripts that have a source starting with "/_next/static". These are in-built scripts for NextJS which provide functionality to the app. SRI is not required as they are all in-built within the app.

Third-party scripts

We also check the following third-party scripts as part of the PCI DSS compliance.

Google Maps scripts

Covers all scripts that have a source starting with "https://maps.googleapis.com". These are provided by Google, and each imports a Google Maps-related module which provides some map-related functionality. SRI is not possible on these scripts, as Google does not currently provide static versions of the scripts.

Archilogic script

https://code.archilogic.com/fpe-sdk/v3.1.7/fpe.js
https://code.archilogic.com/fpe-sdk/v3.1.7/fpe.css

This script provides floor plan functionality related to the Archilogic app. As part of PCI DSS compliance, the script has been hard-coded to version 3.1.7 (previously 3.1.x), and the integrity and crossorigin attributes were added.

Stripe payments

https://js.stripe.com/v3

This script provides payment processing functionality through Stripe. Currently SRI is not supported by Stripe.

Babel script

https://unpkg.com/@babel/standalone@7.10.2/babel.min.js

Provides Babel functionality, including custom component loading. Version was already set to 7.10.2; SRI added to ensure integrity of script.

Microsoft Teams Script

https://unpkg.com/@microsoft/teams-js@2.24.0/dist/MicrosoftTeams.min.js

Provides Microsoft Teams SSO functionality in version 2.24.0. SRI added to ensure integrity of script.

Bootstrap Tags Input Script

https://cdnjs.cloudflare.com/ajax/libs/bootstrap-tagsinput/0.8.0/bootstrap-tagsinput.js

Provides an input component that allows an array of tags to be saved in version 0.8.0 and above. SRI added to ensure integrity of script.

jQuery script for SignalR

/js/jquery.signalR-2.4.3.min.js

Provides jQuery shim required for SignalR websocket functionality.

SignalR script

/js/signalr.js?v=6

Client side SignalR script. Provides all SignalR default functionality.

SignalR Hubs script

https://spaces.nexudus.com/signalr/hubs

Provides hub connections to back-end websockets.

Braintree Gateway scripts

https://js.braintreegateway.com/web/3.97.1/js/client.min.js
https://js.braintreegateway.com/web/3.97.1/js/three-d-secure.js
https://js.braintreegateway.com/web/3.97.1/js/hosted-fields.min.js

Provide Braintree Gateway payment functionality. SRI added through function within the code.

Spreedly Core Script

https://core.spreedly.com/iframe/iframe-v1.min.js

Provides Spreedly iframe and payment functionality. Required for secure tokenization of cardholder data, including PAN and CVV, as part of the overall payment flow.

Klarna Script

https://x.klarnacdn.net/kp/lib/v1/api.js

Provides Klarna payment functionality. SRI added through function in code.

ePay script

https://ssl.ditonlinebetalingssystem.dk/integration/ewindow/paymentwindow.js

Provides ePay payment method functionality. Only added if ePay is enabled. Script source is not versioned which means no SRI.

RazorPay script

https://checkout.razorpay.com/v1/checkout.js

Provides RazorPay payment method functionality. Only added if RazorPay is enabled. Script source is not versioned which means no SRI.

Forte script

https://checkout.forte.net/v1/js

Provides Forte payment method functionality. Only added if Forte is enabled. Script source is not versioned which means no SRI.

Midtrans scripts

https://app.midtrans.com/snap/snap.js
https://app.sandbox.midtrans.com/snap/snap.js

Provides Midtrans payment method functionality. Only added if Midtrans is enabled. Script source is not versioned which means no SRI.
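
As an added example (not Nexudus code), the following check classifies a page's script tags against a subset of the inventory above, flagging pinned scripts that lack integrity or crossorigin and any script that is not in the inventory. The sample HTML, the file name under "/_next/static", the placeholder digest, the status names and the trailing slash on the Google Maps prefix are assumptions made for illustration.

```javascript
// Policy transcribed from a subset of the inventory on this page. The Google Maps
// prefix carries a trailing slash so a look-alike host cannot satisfy it.
const NO_SRI_PREFIXES = ["/v4_portal", "/_next/static", "https://maps.googleapis.com/"];
const NO_SRI_EXACT = ["https://js.stripe.com/v3", "https://checkout.razorpay.com/v1/checkout.js"];
const SRI_REQUIRED = [
  "https://code.archilogic.com/fpe-sdk/v3.1.7/fpe.js",
  "https://unpkg.com/@babel/standalone@7.10.2/babel.min.js",
  "https://unpkg.com/@microsoft/teams-js@2.24.0/dist/MicrosoftTeams.min.js",
  "https://cdnjs.cloudflare.com/ajax/libs/bootstrap-tagsinput/0.8.0/bootstrap-tagsinput.js",
];
// An SRI value is a hash algorithm label followed by a base64 digest.
const SRI_FORMAT = /^sha(256|384|512)-[A-Za-z0-9+\/]+={0,2}$/;

// Read one double-quoted attribute from a tag's attribute string (simplified parser).
function attr(attrs, name) {
  const m = new RegExp("(?:^|\\s)" + name + '\\s*=\\s*"([^"]*)"', "i").exec(attrs);
  return m ? m[1] : null;
}

// Classify a single <script> tag by its attribute string.
function classify(attrs) {
  const src = attr(attrs, "src");
  if (src === null) return { src, status: "inline" };
  if (SRI_REQUIRED.includes(src)) {
    const integrity = attr(attrs, "integrity");
    if (!integrity || !SRI_FORMAT.test(integrity)) return { src, status: "missing-sri" };
    // Without crossorigin, a cross-origin fetch is opaque and the integrity check cannot pass.
    if (attr(attrs, "crossorigin") === null) return { src, status: "missing-crossorigin" };
    return { src, status: "ok" };
  }
  const listed = NO_SRI_EXACT.includes(src) || NO_SRI_PREFIXES.some((p) => src.startsWith(p));
  return { src, status: listed ? "listed-no-sri" : "unlisted" };
}

// Audit every <script> tag found in an HTML string.
function auditScripts(html) {
  return [...html.matchAll(/<script\b([^>]*)>/gi)].map((m) => classify(m[1]));
}

// Constructed sample page; the digest is a placeholder, not a real hash.
const FAKE_SRI = "sha384-" + "A".repeat(64);
const SAMPLE_HTML = `
<script>/* inline app.js customisation */</script>
<script src="/_next/static/chunks/main.js"></script>
<script src="https://code.archilogic.com/fpe-sdk/v3.1.7/fpe.js" integrity="${FAKE_SRI}" crossorigin="anonymous"></script>
<script src="https://unpkg.com/@babel/standalone@7.10.2/babel.min.js"></script>
<script src="https://unpkg.com/@microsoft/teams-js@2.24.0/dist/MicrosoftTeams.min.js" integrity="${FAKE_SRI}"></script>
<script src="https://cdn.example.net/tracker.js"></script>`;
console.log(auditScripts(SAMPLE_HTML));
```

The format check only confirms that an integrity value is well formed; the browser is what compares the digest with the fetched file.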