| http://www.w3.org/ns/prov#value | - Another idea is to disallow any Javascript inclusion below the head tag -which is the toughest to control in case of an XSS- therby making sure all Javascript inclusions are only done in the head, and they may not be dymanically be altered: so signing them is an option.
|
