Hacker News new | ask | show | jobs
by sillysaurus2 4622 days ago
If your concern is the host operator, well obv can't circumvent that.

Of course we can circumvent that. Make a plugin to alert the user whenever the JS changes.
1 comments
voltagex_ 4622 days ago
What do you base your initial known good JS on though? What is the user supposed to do with the information that the JS has changed? A diff of minified JS isn't that helpful.
link
sillysaurus2 4622 days ago
The author would say "the current version is 0.6.4 and its JS hashes to this SHA256 hash: xxx"

Open source already does this for binaries. Why not JS?

This assumes it's even possible to get a consistent hash of all javascript executing on a page, though.

link
mike-cardwell 4621 days ago
Script on a site like this should not be minified. It should be easily readable and well commented, so that people can audit it properly.
link