Comment by HPsquared
6 days ago
For truly locked-down environments that's the way to go. You can only be sure the code will always be the same if it's 100% local and offline, or verifying signatures somehow.
You can verify signatures of JS and CSS files to make sure they are only loaded if they are exactly what you expect them to be by using the "integrity" parameter, see https://developer.mozilla.org/en-US/docs/Web/Security/Subres...
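The integrity check mentioned in the comment above, as an added example that is not part of the original thread: Node.js code that builds an `integrity` value and mirrors how a browser decides whether a fetched file may load. The function names, URL and file contents are constructed for illustration.

```javascript
// Added example: compute and check Subresource Integrity (SRI) values.
const crypto = require('node:crypto');

// SRI accepts sha256, sha384 and sha512; if several are listed,
// the browser checks only the strongest algorithm present.
const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };
const TOKEN = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/;

// Value for the integrity attribute: "<alg>-<base64 digest of the exact bytes>".
function sriHash(body, alg = 'sha384') {
  return `${alg}-${crypto.createHash(alg).update(body).digest('base64')}`;
}

// Tag to publish. Cross-origin files also need crossorigin (and CORS headers
// from the host), otherwise the browser cannot verify them and blocks the load.
function scriptTag(url, body) {
  return `<script src="${url}" integrity="${sriHash(body)}" crossorigin="anonymous"></script>`;
}

// Mirror the browser's decision for a fetched body and an integrity attribute.
function sriMatches(body, integrity) {
  const parsed = integrity.trim().split(/\s+/)
    .map((tok) => TOKEN.exec(tok))
    .filter(Boolean)
    .map((m) => ({ alg: m[1], digest: m[2] }));
  // Caveat: with no recognised hash (typo, unsupported algorithm) no check is applied.
  if (parsed.length === 0) return true;
  const best = Math.max(...parsed.map((p) => STRENGTH[p.alg]));
  return parsed
    .filter((p) => STRENGTH[p.alg] === best)
    .some((p) => sriHash(body, p.alg) === `${p.alg}-${p.digest}`);
}

// Constructed sample: the file as reviewed, and the same file after a change on the host.
const GOOD = 'console.log("widget v1");\n';
const TAMPERED = 'console.log("widget v1");fetch("/collect");\n';
const pinned = sriHash(GOOD);

console.log(scriptTag('https://cdn.example/widget.js', GOOD));
console.log('reviewed file loads:', sriMatches(GOOD, pinned));
console.log('modified file loads:', sriMatches(TAMPERED, pinned));
console.log('unsupported algorithm is ignored:', sriMatches(TAMPERED, 'sha1-AAAA'));
```

The pinned hash has to be regenerated whenever the file legitimately changes, so it fits versioned, immutable URLs better than "latest" ones.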
Yeah. Guess it'll involve some trade-off in terms of UI.