Hey, I'm building an on-prem solution and had a question regarding this. Would it still be a problem if the third party was someone like Segment, whose open source analytics library you're using?
https://github.com/segmentio/analytics.js
Well, from what I understand, it's that third-party scripts are a problem because they may behave maliciously and gain access to parts of the application. If the third-party script is an open source project, doesn't that mitigate this?
Doesn't prevent a malicious/compromised third party from serving code other than what's in the source. I think an acceptable mitigation might be subresource integrity though, so you can lock it to a known-good version of a script?
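
As an added example (not part of the thread above and not Segment's code), this Node.js sketch computes a Subresource Integrity value for a reviewed script and approximates the browser's check, showing that a modified response fails while a missing or unrecognized hash is not enforced. The script bytes and the `cdn.example` URL are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example: compute and check Subresource Integrity (SRI) values in Node.js.
const crypto = require('crypto');

// Value for the integrity="" attribute, computed over the exact bytes you reviewed.
function sriHash(body, alg = 'sha384') {
  return `${alg}-${crypto.createHash(alg).update(body).digest('base64')}`;
}

// Approximates the browser's check: unknown algorithms are ignored, only the
// strongest algorithm present is compared, and any matching hash passes.
function verifySri(body, integrity) {
  const rank = new Map([['sha256', 1], ['sha384', 2], ['sha512', 3]]);
  const entries = integrity.trim().split(/\s+/)
    .map((tok) => ({ alg: tok.split('-')[0], value: tok.split('?')[0] }))
    .filter((e) => rank.has(e.alg));
  // Caveat: with no usable hash the browser loads the script unchecked.
  if (entries.length === 0) return true;
  const best = Math.max(...entries.map((e) => rank.get(e.alg)));
  return entries
    .filter((e) => rank.get(e.alg) === best)
    .some((e) => e.value === sriHash(body, e.alg));
}

// Pinned <script> tag; crossorigin is required for cross-origin SRI checks.
function scriptTag(url, body) {
  return `<script src="${url}" integrity="${sriHash(body)}" crossorigin="anonymous"></script>`;
}

// Constructed sample data: stand-ins for the reviewed build and a modified response.
const REVIEWED = Buffer.from('window.analytics = { track: function () {} };\n');
const TAMPERED = Buffer.concat([REVIEWED, Buffer.from('/* unreviewed change */\n')]);
const CDN_URL = 'https://cdn.example/analytics.min.js'; // placeholder URL

const pinned = sriHash(REVIEWED);
console.log(scriptTag(CDN_URL, REVIEWED));
console.log('reviewed bytes pass:', verifySri(REVIEWED, pinned));
console.log('modified bytes pass:', verifySri(TAMPERED, pinned));
```

Pinning this way only helps if the hash is computed from a build you actually reviewed and the tag points at a versioned URL, since any legitimate update to the file will also fail the check.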