W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2014

Re: [integrity] What should we hash?

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Wed, 12 Mar 2014 23:09:43 -0700
Message-ID: <CAPfop_22riU2nYXGBf1RAtSPFfQ2ZuYV5Ds-y7n8eLwPNqciNA@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: Mark Nottingham <mnot@mnot.net>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Can you elaborate on the "save as" scenario?

The spec does talk about downloads. Seems to me that my browser does
undo the encodings when I download something. Say I save a text file
sent over HTTP. with Content Encoding set to gzip. It won't give me a
txt.gz file, right?


On 12 March 2014 22:54, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> On 3/13/14 1:37 AM, Devdatta Akhawe wrote:
>> Does "representation" or "the message payload before content codings
>> are applied." sound right to others? Boris?
> I can't speak to the right terminology, but I believe that's the right
> concept.
> One interesting issue here is cases in which the browser does NOT plan to
> undo the content-encoding, though.  This typically comes up in "save as"
> scenarios, so may not be relevant here?
> -Boris
Received on Thursday, 13 March 2014 06:10:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:37 UTC