How CTV+CSFS improves BitVM bridges

Addenda:

To limit malleability, 197 OP_NOPs may be on the scriptSig following the signature.

The OP_DEPTH check prevents any other pushdatas. The NOPs also prevent any other codeseparator being placed.

POST_SEP =  [
    OP_DEPTH,
    OP_1,
    OP_EQUALVERIFY,
    OP_DUP,
    pubkey,
    OP_CHECKSIGVERIFY] + [OP_NOP]*197

B’s signature’s scriptcode is committed to. It also seems not possible to sneakily inject another copy of the signature itself somewhere, relying on FindAndDelete, since there is no way to drop it before the second stack size check (in the scriptPubKey) executes.

Edit: we also put the OP_NOPs at the end, so that the signature cannot be placed arbitrarily in the OP_NOP segment.

I believe this prevents the issue that B could be caused to be spent spuriously as long as someone is willing to e.g. front the money to pay for whatever other outputs. It seems with this change, B can be sure that their scriptSig cannot be modified by a third party.

Edit: This prevents that if there is a checksig in the scriptSig, it must match this template. But it does not seem to require that the scriptSig must be a match to this template. E.g., you could drop all the other scriptSig logic entirely to just have the sig on the stack. This seems inherent.

4 Likes
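A strict matcher for the POST_SEP tail quoted in the post, as an added example that is not part of the original post or any project's code. The function names and the placeholder key and signature bytes are assumptions; the post does not show what precedes POST_SEP in the scriptSig, so the matcher returns that part as an opaque prefix.

```python
# Added example: exact-match check for the POST_SEP tail (names are hypothetical).
OP_PUSHDATA1, OP_PUSHDATA4, OP_1, OP_NOP = 0x4C, 0x4E, 0x51, 0x61
OP_DEPTH, OP_DUP, OP_EQUALVERIFY, OP_CHECKSIGVERIFY = 0x74, 0x76, 0x88, 0xAD
NOP_COUNT = 197  # count given in the post

def tokenize(script: bytes):
    """Split raw script bytes into ints (opcodes) and bytes (pushed data)."""
    out, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if op == 0 or op > OP_PUSHDATA4:
            out.append(op)
            continue
        n = op  # opcodes 0x01..0x4b push that many bytes directly
        if op >= OP_PUSHDATA1:
            width = 1 << (op - OP_PUSHDATA1)  # 1, 2 or 4 length bytes
            n = int.from_bytes(script[i:i + width], "little")
            i += width
        if i + n > len(script):
            raise ValueError("truncated push")
        out.append(script[i:i + n])
        i += n
    return out

def serialize(tokens):
    """Inverse of tokenize for pushes of 1..75 bytes (enough for the sample)."""
    return b"".join(bytes([t]) if isinstance(t, int) else bytes([len(t)]) + t
                    for t in tokens)

def post_sep(pubkey: bytes):
    """The template from the post as a token list."""
    return ([OP_DEPTH, OP_1, OP_EQUALVERIFY, OP_DUP, pubkey, OP_CHECKSIGVERIFY]
            + [OP_NOP] * NOP_COUNT)

def split_post_sep(script: bytes, pubkey: bytes):
    """Return the tokens before POST_SEP, or None if the tail is not an exact match."""
    try:
        toks = tokenize(script)
    except ValueError:
        return None
    want = post_sep(pubkey)
    if len(toks) < len(want) or toks[-len(want):] != want:
        return None  # wrong NOP count, trailing push, or data inside the NOP run
    return toks[:-len(want)]

if __name__ == "__main__":
    pk, sig = b"\x02" + bytes(32), bytes(64)  # constructed placeholders, not real data
    ok = serialize([sig] + post_sep(pk))
    print(split_post_sep(ok, pk) == [sig], split_post_sep(ok + b"\x01\x00", pk))
```

The matcher compares pushed data, not push encodings, so it does not by itself detect a non-minimal push of the same pubkey.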