W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2014

[integrity] The noncanonical-src attribute

From: Simon Pieters <simonp@opera.com>
Date: Fri, 13 Jun 2014 08:37:24 +0200
To: public-webappsec@w3.org
Message-ID: <op.xhdrcmq3idj3kv@simons-mbp>

I think the noncanonical-src feature is going to be insanely complicated  
to get right. Please remove it. If authors want fallback, they can do so  
in an imperative fashion, e.g.:

<script src="https://example.com/script.js"
         onerror="var s = document.createElement('script');
                  s.src = 'https://cdn.example.com/script.js';

Simon Pieters
Opera Software
Received on Friday, 13 June 2014 06:37:59 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:39 UTC