|
|
|
|
|
|
by xtrapolate
2756 days ago
|
|
|
> "SRI has been available for two years and it still isn't being used enough." Two years is relatively fresh. There's probably a significant amount of customers with browsers that don't support this. Can't we just implement a simple poor-man's SRI ourselves? Download the 3rd-party script, hash it, check hash, proceed to exec() if all is well? This should be supported by much older browsers. |
|
|