- From: Yan Zhu <notifications@github.com>
- Date: Thu, 07 May 2015 13:32:36 -0700
- To: w3ctag/spec-reviews <spec-reviews@noreply.github.com>
- Message-ID: <w3ctag/spec-reviews/issues/43/100010425@github.com>
What is the status of this? @hillbrad just sent an email to w3ctag requesting review by 5/26.
```
The Web Application Security Working Group requests review of the following specification before 2015-05-26:
Subresource Integrity
http://w3c.github.io/webappsec/specs/subresourceintegrity/
The group requests feedback via public-webappsec@w3.org with [SRI] in subject line
This specification defines a mechanism by which user agents may verify that a fetched resource has been delivered without unexpected manipulation. Specifically, this version uses hashed metadata annotations delivered as a new "integrity" attribute of the <script> and <link> tags.
Level 1 is intended as a "minimum viable" release, targeting what the group believes to be a few high-value use cases with the most manageable requirements, in order to learn how such a mechanism will interact with the large scale architecture of the Web, before proceeding to additional features and scenario targets.
The group has specifically asked for feedback on the following:
============================================
Fetch Integration
Privacy and Security Considerations
CORS interactions
Future Considerations regarding broader integration into other HTML elements
Extensibility
============================================
Sincerely,
Brad Hill
Co-chair, WebAppSec WG
```
---
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/spec-reviews/issues/43#issuecomment-100010425
Received on Thursday, 7 May 2015 20:33:03 UTC