If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Please implement the "signature" <script> attribute proposal

UNCONFIRMED
Unassigned

Status

()

Core
General
UNCONFIRMED
5 years ago
5 years ago

People

(Reporter: Victor Costan, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: DUPEME)

(Reporter)

Description

5 years ago
A common advice for improving the load time of a Web application is offloading assets such as JavaScript to CDNs. While having many sites point to the same CDN is great for page load times, it can have terrible consequences if the CDN gets hacked.

Please consider implementing the following proposal for offering a way to ensure that the script that gets executed on a page is the script that the page author intended to have executed.

https://www.w3.org/Bugs/Public/show_bug.cgi?id=20789
This has been proposed before... Worth checking the archives for the arguments that were made against it then.
Whiteboard: DUPEME
(Reporter)

Comment 2

5 years ago
Cross-referencing with Chrome's bug tracker: http://crbug.com/172553

:bz can you please point me to the previous proposal? I did some cursory searches and couldn't find anything :(
Don't have a link offhand.  If you can't find it in the whatwg and public-html archives, then I might just be misremembering.
(Reporter)

Comment 4

5 years ago
:bz I was only able to find this MSDN page, which looks like a very different old proposal.
http://msdn.microsoft.com/en-us/library/ms970704.aspx

Maybe this is what you had in mind?
No, that's not it.
You need to log in before you can comment on or make changes to this bug.