You're proposing an app store that happens to use http. That's not the web platform.
Sadly, file-only scripts don't help security in the general case because of all the issues developers have with setting safe script-src whitelists: JSONP endpoints, libraries with gadgets (e.g. Angular), responses with user-controllable prefixes, or file uploads.
-
-
SRI for external scripts is also a useful concept, but often not adoptable because many services change the contents of their scripts depending on user configuration and other factors. If a static, SRI-locked script did the job you could just host it same-origin instead.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.