- From: Frederik Braun <fbraun@mozilla.com>
- Date: Fri, 13 Jun 2014 14:43:41 +0200
- To: public-webappsec@w3.org
Why exactly do you consider it complicated to implement? Can you please
elaborate?
On 13.06.2014 08:37, Simon Pieters wrote:
> http://w3c.github.io/webappsec/specs/subresourceintegrity/#the-noncanonical-src-attribute-todo
>
>
> I think the noncanonical-src feature is going to be insanely complicated
> to get right. Please remove it. If authors want fallback, they can do so
> in an imperative fashion, e.g.:
>
> <script src="https://example.com/script.js"
>
> integrity="ni:///sha-256;jsdfhiuwergn...vaaetgoifq?ct=application/javascript"
>
> onerror="var s = document.createElement('script');
> s.src = 'https://cdn.example.com/script.js';
> this.after(s);"></script>
>
> cheers
Received on Friday, 13 June 2014 12:44:10 UTC