- From: Tab Atkins <tabatkins@google.com>
- Date: Thu, 16 Jan 2014 15:06:02 -0800
- To: Mike West <mkwst@google.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, Anne van Kesteren <annevk@annevk.nl>
On Thu, Jan 16, 2014 at 4:12 AM, Mike West <mkwst@google.com> wrote:
> On Tue, Jan 14, 2014 at 12:39 AM, Tab Atkins <tabatkins@google.com> wrote:
>>
>> fetch() works too!
>>
>> fetch( <string-or-url> <fetch-metadata>#? )
>> <fetch-metadata> = integrity <string> | (more later)
>>
>> So like:
>>
>> .foo {
>> background-image: fetch('http://example.com/img.png' integrity
>> 'ni:///sha256...');
>> }
>>
>> Then we can add things like "cors" or "anonymous" or whatever to the
>> <fetch-metadata> term, etc.
>
>
> Great! Sold!
>
> Would you prefer to add the definition of `fetch()` to one of the zillion
> specs you're responsible for, and for this document to extend the
> '<fetch-metadata>' list? Or would you prefer for this spec to define the
> whole thing?
>
> I'd lean towards the former, but I'm happy to take a stab at the latter if
> you like.
The former is what I'm shooting for too. I'm pinging Anne separately
to see if he has opinions on exactly how the spec should look.
~TJ
Received on Thursday, 16 January 2014 23:06:29 UTC