- From: Simon Pieters <simonp@opera.com>
- Date: Fri, 13 Jun 2014 08:37:24 +0200
- To: public-webappsec@w3.org
http://w3c.github.io/webappsec/specs/subresourceintegrity/#the-noncanonical-src-attribute-todo I think the noncanonical-src feature is going to be insanely complicated to get right. Please remove it. If authors want fallback, they can do so in an imperative fashion, e.g.: <script src="https://example.com/script.js" integrity="ni:///sha-256;jsdfhiuwergn...vaaetgoifq?ct=application/javascript" onerror="var s = document.createElement('script'); s.src = 'https://cdn.example.com/script.js'; this.after(s);"></script> cheers -- Simon Pieters Opera Software
Received on Friday, 13 June 2014 06:37:59 UTC