Comment by spankalee
4 hours ago
Enabling the `integrity ` attribute on iframes would help: https://github.com/w3c/webappsec-subresource-integrity/issue...
But then you'd also want the frame content to use `integrity` on nested resoures.
CSP frame-src can help for now.
No comments yet
Contribute on Hacker News ↗