Y
Hacker News
new
|
ask
|
show
|
jobs
by
sp332
3662 days ago
Caches are nice though. Compromise and make sure it's checked against a hash provided by the first party?
2 comments
Spivak
3662 days ago
As long as you use subresource integrity we have a deal! I know it's currently experimental but having native browser support is much more palatable than using JS to check the hash.
link
hueving
3662 days ago
Then ensure that it can't communicate with the domain it's loaded from.
link