Open kraenhansen opened 3 weeks ago
To help developers secure themselves against code injection attacks through CDNs (https://unpkg.com/ in our case), I suggest we derive a hash of the IIFE bundle (following instructions on https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) and include this as the `integrity` on the script-tag in our README.md.
➤ PM Bot commented:
Jira ticket: RJS-2851
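Added illustration, not code from this repository or its maintainers: a Node.js sketch that derives the `integrity` value proposed in the issue and checks bytes against it following the browser's Subresource Integrity matching rules. The bundle contents, the function names and the unpkg URL path are constructed placeholders.

```javascript
// Added example; bundle bytes and the URL below are constructed placeholders.
const { createHash } = require("node:crypto");

// SRI algorithms, strongest first (the order browsers use to prioritise).
const ALGOS = ["sha512", "sha384", "sha256"];

// Build "<algo>-<base64 digest>" from the exact bytes the CDN will serve.
function sriFor(bytes, algo = "sha384") {
  return `${algo}-${createHash(algo).update(bytes).digest("base64")}`;
}

// Script tag for a README. The URL must pin an exact version, and
// crossorigin is needed for integrity checks on cross-origin scripts.
function scriptTag(url, bytes) {
  return `<script src="${url}" integrity="${sriFor(bytes)}" crossorigin="anonymous"></script>`;
}

// Check bytes against an integrity attribute: skip tokens that are not a
// supported hash, keep only the strongest algorithm present, and accept
// when any digest of that strength matches.
function verifySri(bytes, integrity) {
  const parsed = integrity.trim().split(/\s+/)
    .map((t) => /^(sha256|sha384|sha512)-([A-Za-z0-9+\/]+={0,2})(?:\?.*)?$/.exec(t))
    .filter(Boolean)
    .map(([, algo, digest]) => ({ algo, digest }));
  // No usable metadata (e.g. a typo in the algorithm name): nothing is enforced.
  if (parsed.length === 0) return true;
  const strongest = ALGOS.find((a) => parsed.some((h) => h.algo === a));
  const actual = createHash(strongest).update(bytes).digest("base64");
  return parsed.some((h) => h.algo === strongest && h.digest === actual);
}

// Constructed stand-ins for the published IIFE bundle and a modified copy.
const bundle = Buffer.from("var Lib=(function(){return{version:'0.0.0'}})();\n");
const tampered = Buffer.concat([bundle, Buffer.from("/* modified */\n")]);

const tag = scriptTag("https://unpkg.com/PACKAGE@VERSION/dist/bundle.iife.js", bundle);
console.log(tag);
console.log("original accepted:", verifySri(bundle, sriFor(bundle)));
console.log("modified accepted:", verifySri(tampered, sriFor(bundle)));
```

The hash has to be regenerated for every release, since any byte change in the bundle makes the browser refuse to run it.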