Hacker News new | ask | show | jobs
by makomk 2075 days ago
As far as anyone's been able to tell, I think the third party JavaScript files were hosted on the same BA server as the website itself, so subresource integrity wouldn't help - the hacker could just change the tags loading the JS so that the integrity checks passed.
1 comments
dkdk8283 2075 days ago
If this is true then they should’ve moved JS to a CDN or something and used SRI.
link