On Wed, Feb 28, 2018 at 09:52:19PM +0200, Jan Ekström wrote: > On Wed, Feb 28, 2018 at 7:17 PM, Michael Niedermayer > <mich...@niedermayer.cc> wrote: > > + <script src="https://widget.battleforthenet.com/widget.js"; > > async></script> > > Please use > https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity > . That way this third-party entity will only get loaded if the content > matches a known checksum. Even better, host it locally.
As the widget is activly developed, this is not easy for example there where multiple commits to its repository in the last 24h [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB No snowflake in an avalanche ever feels responsible. -- Voltaire
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
