ian at hixie.ch
Tue Feb 4 15:59:59 PST 2014
On Sat, 14 Dec 2013, Some Developer wrote:
> and run by a third party which means the control and security of the
> server is out of the hands of the website owner. If the CDN is hacked or
> In order to overcome this problem I propose that a new attribute is
> added to the <script> tag which allows the website owner to specify a
> downloaded from the CDN by the browser it does not match the SHA512 hash
> warning to the user that the file has been modified and that it should
> be considered as malicious.
How common is this problem? Are there really sufficiently large numbers of
people who use trusted computers to serve one part of their application,
but use comparatively untrusted computers to serve subresources, to
warrant such a feature? Presumably, anyone using shared hosting or a colo
with a private server would be no more able to trust their primary server
than their CDN. (Or equivalently, they'd be no less able to trust their CDN
than their primary server.)
Does anyone do this manually today? It would be relatively
straightforward to use CORS-enabled XHR to obtain the remote script, and then
check the hash manually using script obtained from the primary server, and
only eval the script if it matched. If nobody is doing this today, this
probably indicates it's not a high priority for the platform. On the other
hand, if people _are_ doing this, then that's a good indication that we
should add it.
Ian Hickson
http://ln.hixie.ch/
Things that are impossible just take longer.