W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [SRI] format of the integrity attribute

From: Daniel Veditz <dveditz@mozilla.com>
Date: Wed, 28 Jan 2015 06:42:42 -0800
Message-ID: <CADYDTCCVLJHFwKrsR9H9hGb0R4bOYsJvfWSxf95J1+9voK-m_g@mail.gmail.com>
To: Francois Marier <francois@mozilla.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
I support getting rid of the ugly ni:/// syntax. You can't re-use the TYPE
attribute like that, though. In HTML the type attribute means "treat this
as if it were..." and in SRI we're saying "Fail if it's not ...".

splitting the hash from the required-type info has other advantages than
syntax: for instance the spec says to use the "strongest" hash, but what if
there are two that are the same hash algorithm but with different ?ct
values? +1 to splitting the two, but we'll have to use a new type attribute
like the "integritytype" that I think Martin suggested, or maybe
"required-type".

-Dan Veditz
Received on Wednesday, 28 January 2015 14:43:11 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC