subresource integrity (was Re: PING call)

On May 18, 2015, at 5:20 AM, Kepeng Li < <>> wrote:
>> 2. Privacy review request from Web Applications Security WG concerning
>> Subresource Integrity [1]
> It seems that there are no privacy considerations in this document.
> Should we add something?

There is a Security Considerations section that is likely relevant to the things we typically review: <>

For example, cross-origin data leakage is one of the considerations there. I wonder if authors should typically write these as "Security and Privacy Considerations" since they so often overlap.


Received on Tuesday, 19 May 2015 01:40:33 UTC