[9:44 AM] dckc:: SRI only works for <script> and . [9:47 AM] dckc:: <script> does seem to work within data: ... so one could construct a data: URI that uses <script> with subresource integrity to securely fetch js (which would in turn supply HTML, CSS, etc.). .. [9:47 AM] dckc:: so yes, that's technically sufficient to do secure content-addressable storage retrieval... [9:47 AM] dckc:: but the UX isn't much better than having people install a browser add-on [9:48 AM] dckc:: now a browser-add-on that would verify web pages based on on-chain info would be straightforward
rchain/RevVault.rho at dev · rchain/rchain https://github.com/rchain/rchain/blob/dev/casper/src/main/resources/RevVault.rho#L193-L196
Issues · rchain/rchain https://github.com/rchain/rchain/issues
(RNExt-01) - Event processing framework · Issue #13 · rchain/rchip-proposals rchain/rchip-proposals#13
liquid-democracy/Ballot.rho at ocap-review · rchain-community/liquid-democracy https://github.com/rchain-community/liquid-democracy/blob/ocap-review/Ballot.rho
NotaryInspector · dckc/awesome-ocap Wiki https://github.com/dckc/awesome-ocap/wiki/NotaryInspector
Content-addressable storage - Wikipedia https://en.wikipedia.org/wiki/Content-addressable_storage
Subresource Integrity | npm.io https://npm.io/search/keyword:Subresource+Integrity
Subresource Integrity - Web security | MDN https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
data: URI Generator https://dopiaza.org/tools/datauri/index.php
Data URLs - HTTP | MDN https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URIs
Blocking Top-Level Navigations to data URLs for Firefox 59 - Mozilla Security Blog https://blog.mozilla.org/security/2017/11/27/blocking-top-level-navigations-data-urls-firefox-59/
Editing sri-test.js https://gist.github.com/dckc/19bd24318fbe762ef2c388b95a28d969/edit
Cross-Origin Read Blocking (CORB) - Chrome Platform Status https://www.chromestatus.com/feature/5629709824032768