W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2015

Re: CfC: Subresource Integrity (SRI) to Last Call?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 23 Apr 2015 17:31:02 -0700
Message-ID: <CADnb78i2Lz6f1+SEkqT0ADED4-jyRKf_FSa+XiLOo54fibCC+w@mail.gmail.com>
To: Austin William Wright <aaa@bzfx.net>
Cc: Joel Weinberger <jww@chromium.org>, Devdatta Akhawe <dev.akhawe@gmail.com>, Frederik Braun <fbraun@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Apr 23, 2015 at 2:51 PM, Austin William Wright <aaa@bzfx.net> wrote:
> That's because this isn't a URL, it's a URI (at least not without an
> authority component). As such, it's completely opaque to Web browsers.

That distinction has been meaningless since forever.

> While `integrity` isn't limited to HTML, there's plenty of precedent for
> using URIs outside use as network identifiers in HTML, namely the `rel` and
> `xmlns` attributes, and the `profile` media type property.

These are all terrible precedents that we don't want to follow.

> In any event, Web browsers shouldn't need to care, the syntax is arbitrary
> to them.

As I explained the more complicated processing model is not at all
something arbitrary that can be ignored.

Received on Friday, 24 April 2015 00:31:24 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:48 UTC