W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2014

Re: [SRI] What should we Hash Redux

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 3 Jul 2014 19:13:05 +0200
Message-ID: <CADnb78i6pshNp35r=GtmZWXV5j2fFG3ksjn8EyY_Yb=2bayAig@mail.gmail.com>
To: Devdatta Akhawe <dev.akhawe@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Jul 3, 2014 at 7:03 PM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote:
> Forgive me, but the way I read it---payload body is message body with
> transfer encoding removed. That still leaves the gzip
> content-encoding, right?

My bad. Somewhat embarrassing that this keeps tripping me up.

>> No, XMLHttpRequest, <img>, and such do,
> so, to be sure, you are saying XHR'ing a .tar.gz file will give me the
> un-gziped version of the file?

Depends on the headers used. But if it's a content coding, yes.

>> It seems HTML does not define this in detail at the moment. That would
>> need to be fixed.
> Yup. And I am hoping once the other specs define all these things in
> detail, SRI won't need to. SRI can just refer to the other specs.

Well, ideally we integrate most of SRI into the other specs so it
would indeed become self-evident.

Received on Thursday, 3 July 2014 17:13:39 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:39 UTC