-
@cramforce @addyosmani @sebmarkbage @luke_wagner Most attacks brought up in hillbrad.github.io/sri-addressable-caching/sri-addressable-caching.html are only valid if SRI is open to “uniquely identifiable” scripts, yet the general motivation is to use SRI for broadly used scripts (i.e., roughly what’s on developers.google.com/speed/libraries/). Would it make sense to limit to known hashes?On twitter.com
❤️ 1 Favorite Mood 0