Re: [Feature Proposal] New attributes "library" and "version" on script tags

I haven't noticed anyone mention CSP 1.1 and the nonce attribute yet [1].
Sounds like folks (talking about security matters) should be looking there
first instead of inventing something else. Though I admit that CSP is not
explicitly dealing with caching semantics as such, but fetching semantics.

[1]
https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#usage-4


On Sun, Aug 11, 2013 at 1:07 AM, Patrick H. Lauke <redux@splintered.co.uk> wrote:

> On 11/08/2013 07:38, Andrew Herrington wrote:
>
>> Could this also be used with CSS (twitter bootstrap) and web component
>> imports (twitter / Facebook feeds)?
>>
>
> And bitmap images, SVG files, anything really?
>
> On first reading, there are many aspects I'm personally not a fan of
> (browsers shipping with JS libraries pre-seeded, and the emphasis on just
> JS), but as a more generalised principle, I could imagine something along
> the lines of:
>
> - no pre-seeding
> - every asset downloaded and cached by the browser gets some form of
> hash/checksum/digital fingerprint (leaving the discussion of how to do this
> effectively without clashes aside for a minute)
> - as part of the request to the server, the browser also receives a
> hash/checksum for the file being sent as part of the initial connection
> negotiation and/or head request
> - if the browser thinks that a file that is about to be downloaded is
> already present in its own cache (hash/checksum matches, expire headers all
> ok, etc), it uses its cached version rather than carry on with downloading
> (regardless of origin?)
>
> P
> --
> Patrick H. Lauke
> ________________________________________________________________
> re·dux (adj.): brought back; returned. used postpositively
> [latin : re-, re- + dux, leader; see duke.]
>
> www.splintered.co.uk | www.photographia.co.uk
> http://redux.deviantart.com | http://flickr.com/photos/redux/
> ________________________________________________________________
> twitter: @patrick_h_lauke | skype: patrick_h_lauke
> ________________________________________________________________
>
>

Received on Sunday, 11 August 2013 12:19:55 UTC
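
The hash-matching cache lookup outlined in the quoted list above, modelled as an added example that is not part of either message: a cache keyed by content digest rather than URL, which re-computes the digest over downloaded bytes before storing them. SHA-256, the `advertised` parameter and the host names a.example / b.example are assumptions of this example; the thread names no algorithm or header.

```python
import hashlib

def digest(body: bytes) -> str:
    """Fingerprint an asset. SHA-256 is this example's choice, not the thread's."""
    return hashlib.sha256(body).hexdigest()

class HashCache:
    """Cache keyed by content digest instead of URL, so the origin does not matter."""

    def __init__(self):
        self._entries = {}  # digest -> (body, expires_at)

    def fetch(self, advertised, download, max_age, now):
        """Return (body, source) for an asset whose digest the server advertised.

        advertised: digest the server sent before the body (hypothetical field)
        download:   zero-argument callable that retrieves the body over the network
        """
        entry = self._entries.get(advertised)
        if entry and entry[1] > now:      # digest matches and the entry is fresh
            return entry[0], "cache"
        body = download()
        # Store only under a digest computed locally over the received bytes, so
        # a mismatching body never lands under a digest other sites rely on.
        if digest(body) != advertised:
            raise ValueError("body does not match advertised digest")
        self._entries[advertised] = (body, now + max_age)
        return body, "network"

# Constructed sample asset, served byte-for-byte identically by two origins.
LIB = b"/* constructed sample library */ function $(){}"

def demo():
    cache, calls = HashCache(), []
    def from_a():
        calls.append("a.example")
        return LIB
    def from_b():
        calls.append("b.example")
        return LIB
    first = cache.fetch(digest(LIB), from_a, 3600, now=0)      # cold cache
    second = cache.fetch(digest(LIB), from_b, 3600, now=10)    # other origin, same hash
    third = cache.fetch(digest(LIB), from_b, 3600, now=4000)   # entry has expired
    return first[1], second[1], third[1], calls

if __name__ == "__main__":
    print(demo())
```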