- From: Brian Smith <brian@briansmith.org>
- Date: Sun, 8 Feb 2015 22:44:29 -0800
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- Cc: Francois Marier <francois@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Devdatta Akhawe <dev.akhawe@gmail.com> wrote: > On the other hand, it is a reasonable position to adapt for a site > admin to say "we provide SRI protections if you are using a modern > browser that supports SRI with secure hash algorithms." This does > require the long tail of browsers to ignore algorithms it doesn't know > about. It's not clear what you are suggesting. How should a browser deal with the typo "sha265"? I think it should avoid loading the resource when there is such a typo. How can a browser detect a typo? It should assume all unrecognized algorithm names are typos unless explicitly instructed otherwise. Cheers, Brian
Received on Monday, 9 February 2015 06:44:56 UTC