- From: François REMY <francois.remy.dev@outlook.com>
- Date: Sat, 10 Aug 2013 05:12:56 +0200
- To: Chris Adams <chris@chrisadams-studios.com>, Chris <chris@cbojar.net>
- CC: public-html WG <public-html@w3.org>
> This is an interesting concept but something else to consider: what is > to prevent someone from from "lying" about which script they are > referencing? > > e.g. <script library="jQuery" version="1.0" > src="/somethingNotjQuery.js<http://codeorigin.jquery.com/jquery-1.10.2.min.js>"></script> You can't. This is why this won't happen, at least not like that. The only option for this would be to provides a cryptographically strong hash of the file as the version, but this prevents minor fixes (ie using 1.1 instead of 1.0 where the release only fix bugs). The other option is to have a server you trust and which can download the best files for you. A kind of local CDN+cache, in some way.
Received on Saturday, 10 August 2013 03:13:23 UTC