|
|
|
|
|
|
by Dyaz17
2553 days ago
|
|
|
You are right. SRI is the best solution and I mention it in the FAQ. Unfortunately, it can't always be implemented. See my previous comment : Well many companies that offer you a service don't include the Subresource integrity Tag.
Check for instance Stripe : <script src="https://js.stripe.com/v3"></script> or Facebook : <script async defer src="https://connect.facebook.net/en_US/sdk.js"></script> If they offer you a javascript and it has to change frequently to fix bugs, for instance, they don't want to be bothered with having to coordinate with all their customers to change the subresource integrity tag... In this case, our service could be an alternative. |
|
|