Checksum validation for better security
Opened this issue · 1 comments
nileshtrivedi commented
Loading third-party scripts via a loader gives us an opportunity to do checksum validation and avoid exploits made by bad third-party code. Idea is from this Twitter thread:
The checksum could be a self-descriptive multihash for future-proofing.
tosmolka commented
This could be achieved by adding support for Subresource Integrity to script.js