Re: CfC: Subresource Integrity (SRI) to Last Call? from Joel Weinberger on 2015-04-23 (public-webappsec@w3.org from April 2015)

From: Joel Weinberger <jww@chromium.org>
Date: Thu, 23 Apr 2015 17:01:49 +0000
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Austin William Wright <aaa@bzfx.net>, Devdatta Akhawe <dev.akhawe@gmail.com>, Frederik Braun <fbraun@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAHQV2KmkTQ2-mUJ_g6QwkZh+R_e7f5er0gxWLv2oJ3nZ6AyWag@mail.gmail.com>

On Thu, Apr 23, 2015 at 9:51 AM Anne van Kesteren <annevk@annevk.nl> wrote:

> On Wed, Apr 22, 2015 at 3:48 PM, Joel Weinberger <jww@chromium.org> wrote:
> > FWIW, it would not be difficult for Chrome to switch back to the ni:///
> > syntax, so I don't think we should make that a blocker on using it.
>
> As per
> https://lists.w3.org/Archives/Public/public-webappsec/2015Jan/0200.html
> and other emails I wrote on the subject I'm opposed to switching back.
> URLs add a layer of abstraction to the processing model that is not
> warranted and for which there is no precedent. The precedent worth
> following here is CSP and HTML's existing approach to syntax within
> attributes.
>
For a further clarification, I agree whole heartedly with Anne's analysis.
I just didn't want to give the false impression that the Chrome
implementation should be a blocker on discussing this.

>
>
> --
> https://annevankesteren.nl/
>

Received on Thursday, 23 April 2015 17:02:18 UTC