meta-code-verify icon indicating copy to clipboard operation
meta-code-verify copied to clipboard
verified publisher icon facebookincubator

processJSWithSrc vs malicious server?

Open canning-duck opened this issue 3 years ago • 0 comments

Hello,

As far as i understand, processJSWithSrc() fetches the source URL from the server to verify the code. How do we know that the same exact script will be loaded in the page? Theorically, a malicious server could provide two different versions.

canning-duck avatar Mar 30 '22 11:03 canning-duck