Please implement the "signature" <script> attribute proposal




6 years ago
6 years ago


(Reporter: costan, Unassigned)



Firefox Tracking Flags

(Not tracked)


(Whiteboard: DUPEME)



6 years ago
A common advice for improving the load time of a Web application is offloading assets such as JavaScript to CDNs. While having many sites point to the same CDN is great for page load times, it can have terrible consequences if the CDN gets hacked.

Please consider implementing the following proposal for offering a way to ensure that the script that gets executed on a page is the script that the page author intended to have executed.
This has been proposed before... Worth checking the archives for the arguments that were made against it then.
Whiteboard: DUPEME

Comment 2

6 years ago
Cross-referencing with Chrome's bug tracker:

:bz can you please point me to the previous proposal? I did some cursory searches and couldn't find anything :(
Don't have a link offhand.  If you can't find it in the whatwg and public-html archives, then I might just be misremembering.

Comment 4

6 years ago
:bz I was only able to find this MSDN page, which looks like a very different old proposal.

Maybe this is what you had in mind?
No, that's not it.
You need to log in before you can comment on or make changes to this bug.