> "SRI has been available for two years and it still isn't being used enough." T... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		xtrapolate on Nov 29, 2018 \| parent \| context \| favorite \| on: Major sites running unauthenticated JavaScript on ... > "SRI has been available for two years and it still isn't being used enough." Two years is relatively fresh. There's probably a significant amount of customers with browsers that don't support this. Can't we just implement a simple poor-man's SRI ourselves? Download the 3rd-party script, hash it, check hash, proceed to exec() if all is well? This should be supported by much older browsers.

jmngomes on Nov 29, 2018 [–]

Actually, IE and iOS Safari are lagging but other major browsers seem to have support for SRI for quite some time: https://caniuse.com/#search=sri

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact