Y
Hacker News
new
|
ask
|
show
|
jobs
by
HPsquared
522 days ago
For truly locked-down environments that's the way to go. You can only be sure the code will always be the same if it's 100% local and offline, or verifying signatures somehow.
2 comments
mattigames
522 days ago
You can verify signatures of JS and CSS files to make sure they are only loaded if they are exactly what you expect them to be by using the "integrity" parameter, see
https://developer.mozilla.org/en-US/docs/Web/Security/Subres...
link
kopirgan
522 days ago
Yeah. Guess it'll involve some trade off in terms of UI.
link