Open Bug 835213 Opened 12 years ago Updated 3 years ago

Please implement the "signature" <script> attribute proposal

Categories

(Core :: General, defect)

Product:
Core
Component:
General
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: costan, Unassigned)

Details

(Whiteboard: DUPEME)

A common advice for improving the load time of a Web application is offloading assets such as JavaScript to CDNs. While having many sites point to the same CDN is great for page load times, it can have terrible consequences if the CDN gets hacked. Please consider implementing the following proposal for offering a way to ensure that the script that gets executed on a page is the script that the page author intended to have executed. https://www.w3.org/Bugs/Public/show_bug.cgi?id=20789
This has been proposed before... Worth checking the archives for the arguments that were made against it then.
Whiteboard: DUPEME
Cross-referencing with Chrome's bug tracker: http://crbug.com/172553 :bz can you please point me to the previous proposal? I did some cursory searches and couldn't find anything :(
Don't have a link offhand. If you can't find it in the whatwg and public-html archives, then I might just be misremembering.
:bz I was only able to find this MSDN page, which looks like a very different old proposal. http://msdn.microsoft.com/en-us/library/ms970704.aspx Maybe this is what you had in mind?
No, that's not it.
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.