Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The browser could submit a special query to get the hash for victim.com/evil.js before running it. If victim.com returns the same hash, it's clean, if it doesn't respond, or responds with a different hash, fail in the same way as if a CDN had modified it.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: