That’s not what I’m proposing at all. I merely propose that websites only run their own code.
Out of curiosity, do you believe that other application ecosystems (mobile, desktop) should also prevent developers from using any third-party code?
To be fair, web is more nuanced in that mobile/desktop (usually) doesn’t equate “third-party libraries” to “dynamically fetch and execute code from servers you may have zero control over”.
This would be a more meaningful distinction if developers re-reviewed third-party libraries every time they rebuild their applications. Otherwise you still entrust the integrity of your application to someone else's code/infrastructure.
And note that a script fetched from the same origin as the application is in no way a guarantee that it's a "first-party" script because, um, server-side proxying? ;-)
Dynamically, yes. Statically, which you can more or less achieve with SRI on the web, I’m more OK with.
