[Bug 20789] Signature (cryptographic hash) attribute for <script>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=20789

--- Comment #4 from Victor Costan <costan@gmail.com> ---
@David: The intent of this proposal is to protect against compromised /
malicious CDN servers. I do not want to restrict the user's ability to run code
in their browser.

I'm not sure the HTML5 specification should cover the operation of developer
tools, but if that is the case, signature checking should only occur when the
script is fetched from a remote source (file://, http://, https:// etc.), or
from a cache for a remote source.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Monday, 28 January 2013 03:03:30 UTC