Hacker News new | past | comments | ask | show | jobs | submit login
Third party CSS is not safe (jakearchibald.com)
16 points by youngtaff on Feb 27, 2018 | hide | past | favorite | 2 comments



Also, if there's a known-trusted resource, go for https://developer.mozilla.org/en-US/docs/Web/Security/Subres... - if the resource changes, it will fail to load. If unchanged, offload to a CDN, if fails, serve locally. Multiple identifiers allowed, which mitigates second preimage attacks.


I added this to the article, thanks!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: