
Third party CSS is not safe - youngtaff
https://jakearchibald.com/2018/third-party-css-is-not-safe/
======
Piskvorrr
Also, if there's a known-trusted resource, go for
[https://developer.mozilla.org/en-
US/docs/Web/Security/Subres...](https://developer.mozilla.org/en-
US/docs/Web/Security/Subresource_Integrity) \- if the resource changes, it
will fail to load. If unchanged, offload to a CDN, if fails, serve locally.
Multiple identifiers allowed, which mitigates second preimage attacks.

~~~
jaffathecake
I added this to the article, thanks!

