- From: Devdatta Akhawe <dev.akhawe@gmail.com>
- Date: Wed, 5 Nov 2014 20:35:09 -0800
- To: Brian Smith <brian@briansmith.org>
- Cc: Joel Weinberger <jww@chromium.org>, Hatter Jiang OWS <hatter@openwebsecurity.org>, Ben Toews <btoews@github.com>, Mike West <mkwst@google.com>, Frederik Braun <fbraun@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
> > I agree that that would be good, and that's exactly what would have happened > if Frederik hadn't pointed out this issue before SRI were standardized. But, > since we know about the issue now, I think it is reasonable to consider > changes to the syntax that avoid the problem now, so that we don't end up > with a bad syntax later. I guess I see the header (in CSP or separate SRI header) mechanism as something that can be easily added on later. Is there a particular part of the current syntax that makes you think it won't be possible to evolve the direction you envision? ~dev
Received on Thursday, 6 November 2014 04:35:56 UTC