by kybernetikos 2285 days ago
Subresource Integrity allows the HTML file to insist that the js file hasn't changed. I guess it would be possible to download and run the html file from your own machine.

Alternatively, it would be possible to create a service worker that uses a local copy and makes much more of a deal about files changing - it could always confirm changes with the user before allowing a change. Security sensitive apps should probably be doing this.
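
The pin-and-confirm idea from the comment above, as an added example that is not part of the thread. It runs under Node so it can be tried offline; `PinnedCache`, `sriHash` and the sample URL are hypothetical names, and it assumes trust on first use (the first copy seen is pinned without confirmation).

```javascript
// Added example: pin a script's hash and hold back any changed copy until approved.
const { createHash } = require('node:crypto');

// Same format as an SRI integrity attribute: "sha384-<base64 digest>".
function sriHash(body, alg = 'sha384') {
  return `${alg}-${createHash(alg).update(body).digest('base64')}`;
}

// Hypothetical pin store: URL -> { integrity, body } for the approved copy.
class PinnedCache {
  constructor() { this.pins = new Map(); this.pending = new Map(); }

  // Decide what to serve when the network returns `body` for `url`.
  check(url, body) {
    const integrity = sriHash(body);
    const pin = this.pins.get(url);
    if (!pin) {                        // first sight: trust on first use
      this.pins.set(url, { integrity, body });
      return { action: 'pinned', serve: body };
    }
    if (pin.integrity === integrity) return { action: 'match', serve: body };
    // Changed: park the new copy and keep serving the approved one.
    this.pending.set(url, { integrity, body });
    return { action: 'confirm', serve: pin.body, was: pin.integrity, now: integrity };
  }

  // Call only after the user has explicitly accepted the new hash.
  approve(url, integrity) {
    const next = this.pending.get(url);
    if (!next || next.integrity !== integrity) return false;
    this.pins.set(url, next);
    this.pending.delete(url);
    return true;
  }
}

// Constructed sample data: two versions of the same script.
const URL_APP = 'https://app.example/app.js';
const v1 = 'console.log("v1");';
const v2 = 'console.log("v2");';
const cache = new PinnedCache();
const first = cache.check(URL_APP, v1);
const changed = cache.check(URL_APP, v2);
console.log(first.action, changed.action, changed.now);
```

In a service worker the same `check` would sit in the `fetch` handler, with the confirmation prompt shown by a page the worker messages.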

1 comments

JS allows overriding any object or method with separately loaded code. So even your “trusted” code could be compromised by separate “trusted” code.

Even native app packagers and languages can suffer from this when loading libraries dynamically (from search-path or symlink manipulation for example).