- From: Francois Marier <francois@mozilla.com>
- Date: Thu, 29 Jan 2015 14:38:25 +1300
- CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 29/01/15 03:42, Daniel Veditz wrote: > splitting the hash from the required-type info has other advantages than > syntax: for instance the spec says to use the "strongest" hash, but what > if there are two that are the same hash algorithm but with different ?ct > values? +1 to splitting the two, but we'll have to use a new type > attribute like the "integritytype" that I think Martin suggested, or > maybe "required-type". As an alternative to adding a second attribute, perhaps we could have an optional prefix like: <link integrity="text/css:sha256-ab123... sha512-df45..."> The "text/css:" prefix is optional and then after that follows a space-separated list of hashes (each in the CSP2 format). Francois
Received on Thursday, 29 January 2015 01:38:56 UTC