W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [SRI] format of the integrity attribute

From: Francois Marier <francois@mozilla.com>
Date: Thu, 29 Jan 2015 14:38:25 +1300
Message-ID: <54C98F11.5080908@mozilla.com>
CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 29/01/15 03:42, Daniel Veditz wrote:
> splitting the hash from the required-type info has other advantages than
> syntax: for instance the spec says to use the "strongest" hash, but what
> if there are two that are the same hash algorithm but with different ?ct
> values? +1 to splitting the two, but we'll have to use a new type
> attribute like the "integritytype" that I think Martin suggested, or
> maybe "required-type".

As an alternative to adding a second attribute, perhaps we could have an
optional prefix like:

<link integrity="text/css:sha256-ab123... sha512-df45...">

The "text/css:" prefix is optional and then after that follows a
space-separated list of hashes (each in the CSP2 format).

Francois
Received on Thursday, 29 January 2015 01:38:56 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC