Checksum validation for better security

Open nileshtrivedi opened this issue 4 years ago • 1 comments

Loading third-party scripts via a loader gives us an opportunity to do checksum validation and avoid exploits made by bad third-party code. Idea is from this Twitter thread:

The checksum could be a self-descriptive multihash for future-proofing.

Dec 10 '21 19:12 nileshtrivedi

This could be achieved by adding support for Subresource Integrity to script.js

Apr 05 '22 14:04 tosmolka