- From: Ahmed Saleh <ahmedzs@live.ca>
- Date: Mon, 27 Jul 2015 20:53:14 -0400
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Wednesday, 29 July 2015 22:28:19 UTC
Hi Sir/Madam,Due to the public exposed nature of JavaScript and HTML code to browsers and clients, it’s not protected from people who can steal or manipulate the responded code from servers. Therefore, I have suggestion solve this situation. We can make all known browsers to have a specific signature (Hash) and a website would only work for a list of given signatures which represent all known browsers.So on my website I can check for the current browser that’s trying to connect with me as a server and decide if it’s valid based on its signature and continue the connection if the signature is found in my data list(of browsers[name&version]-signature/hash key-value pairs) or not if invalid and the signature is not found in my list of signature of all known browsers and terminate the connection. The browsers on the other hand, could respond to meta tags on my website such as <meta immutable> which prevents websites from being mutated by plugins, and <meta protected> which protects source code from view.Thank you,
Received on Wednesday, 29 July 2015 22:28:19 UTC