- From: Trevor Perrin <trevp@trevp.net>
- Date: Sun, 20 Oct 2013 23:27:27 -0700
- To: Neil Matatall <neilm@twitter.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Fri, Oct 18, 2013 at 5:47 PM, Neil Matatall <neilm@twitter.com> wrote: > >> but I'm not sure of the true value of applying script hash to src'd content > > It's been discussed, especially when the code is hosted by a 3rd party > (when self-hosting is not an option). Hi Neil, all, Is this getting into the "sub-resource integrity" use case? [1] That seems like it needs a different mechanism than "script-hash", so maybe this is a tangent, but: Is this group still interested in / working on "subresource integrity"? Trevor [1] http://lists.w3.org/Archives/Public/public-webappsec/2012Nov/att-0112/Web_Application_Security_Working_Group.htm
Received on Monday, 21 October 2013 06:27:54 UTC