- From: Michal Zalewski <lcamtuf@coredump.cx>
- Date: Wed, 8 Jan 2014 13:57:44 -0800
- To: Mike West <mkwst@google.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Devdatta Akhawe <dev.akhawe@gmail.com>, Frederik Braun <fbraun@mozilla.com>, Joel Weinberger <jww@google.com>, Brad Hill <bhill@paypal.com>, Anne van Kesteren <annevk@annevk.nl>, Mark Nottingham <mnot@mnot.net>, Tab Atkins <tabatkins@google.com>, Ilya Grigorik <igrigorik@google.com>
>> What would be the behavior of clicking on a non-download link with the >> integrity parameter specified? What would happen if this link is >> opened in a new window? It seems that it may be difficult to behave >> consistently in this case (e.g., how to handle right-click + "open in >> an incognito window" in Chrome?). > > The intent is for nothing interesting to happen if the resource isn't being > treated as a download. OK, so let's say we have download + integrity - what happens on a right-click + open in a new window / open in an incognito window? It feels that it's going to be hard for implementations to enforce integrity consistently on any clickable links; <script> and similar subresources seem a lot more straightforward. /mz
Received on Wednesday, 8 January 2014 21:58:32 UTC