Re: [integrity]: Origin confusion attacks.

On Fri, Jan 10, 2014 at 12:30 PM, Ben Toews <> wrote:

> It doesn’t seem like you would need to provide the nonce in style.css
> because the integrity hash of cat.gif is already incorporated into the
> integrity hash of style.css.

I agree it is probably not a problem for CSS because all of the resources
it will load are explicitly defined and hashed. I'm just not sure about
resources loaded dynamically from a script - what do you guys think?

Received on Friday, 10 January 2014 17:47:17 UTC