Y
Hacker News
new
|
ask
|
show
|
jobs
by
abhorrence
3924 days ago
Yes, however if they can change the contents of the HTML they can probably modify CSP headers, which means they can just deliver whatever payload they want directly and wouldn't need to modify the integrity hashes.