Hacker News new | ask | show | jobs
by lwf 3926 days ago
This protects you from providers that go rogue or are compromised after you enable their JS.

It also lets you use CloudFront as a CDN for your own JS without having to trust them to serve the content as you described it, if you calculate your hashes based on the scripts you sent them.
1 comments
Macha 3925 days ago
The parent poster's point is about providers that tell you to include script A which then loads X and Y. Knowing A can't change isn't very helpful in this situation as X and Y could change.
link