On Wed, Feb 28, 2018 at 10:10 PM, Michael Niedermayer <mich...@niedermayer.cc> wrote: > On Wed, Feb 28, 2018 at 09:52:19PM +0200, Jan Ekström wrote: >> On Wed, Feb 28, 2018 at 7:17 PM, Michael Niedermayer >> <mich...@niedermayer.cc> wrote: >> > + <script src="https://widget.battleforthenet.com/widget.js"; >> > async></script> >> >> Please use >> https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity >> . That way this third-party entity will only get loaded if the content >> matches a known checksum. Even better, host it locally. > > As the widget is activly developed, this is not easy > for example there where multiple commits to its repository in the last > 24h >
Looking at how much it got updated the last time when it misbehaved shows really well how that worked the last time. Sorry if I sound facetious, but I do use ffmpeg-all.html a lot and it got /really/ irritating. Best regards, Jan _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
