Comment by vbs_redlof
15 hours ago
What I'd really like to see is some kind of iframe that pins JS/wasm code within it to a particular bundle hash and prevents modification at runtime (even from chrome extensions).
Something more like a TEE inside the browser of sorts. Not sure if there is anything like this.
Author of the linked post here. This is actually a pretty interesting idea, I'll pass it to the team.
Enabling the `integrity ` attribute on iframes would help: https://github.com/w3c/webappsec-subresource-integrity/issue...
But then you'd also want the frame content to use `integrity` on nested resoures.
CSP frame-src can help for now.