This is not against MITM attacks
Contrary what the article implies, this technology has obviously not been developed to thwart primarily MITM attacks, because it can't defend against those in general.
That said there are some MITM attacks it can prevent, but those are only a very specific and small subset, where the man in the middle can manipulate only the external resources, but not the referring page. But the typical proxy, corporate or ISP level MITM attacks will still work, because the attacker can also manipulate the HTML file with the hash values in it to match those of the manipulated script files'.
On the other side this is completely anti-web, because it effectively kills the dynamic nature of the web, which is the very essence of it. With the hash check in place change to the develivery and representation of the external resources (to adapt to for ex. bandwidth or device constraints) will not be possible anymore, let alone talk about applying bug fixes, correcting typos or other kinds of well-intentioned modifications.
Actually, it's kinda pointless, because if someone is so much worried about the modification of external resources, then they should just host the resources themselves, which would prevent any and all kind of MITM (and any other type of attacks, for that matter) that this technique can be effective against, but which wouldn't require new browsers or extensions to actually do that.
Biting the hand that feeds IT
