Re: [SRI] format of the integrity attribute

On 29/01/15 03:42, Daniel Veditz wrote:
> splitting the hash from the required-type info has other advantages than
> syntax: for instance the spec says to use the "strongest" hash, but what
> if there are two that are the same hash algorithm but with different ?ct
> values? +1 to splitting the two, but we'll have to use a new type
> attribute like the "integritytype" that I think Martin suggested, or
> maybe "required-type".

As an alternative to adding a second attribute, perhaps we could have an
optional prefix like:

<link integrity="text/css:sha256-ab123... sha512-df45...">

The "text/css:" prefix is optional and then after that follows a
space-separated list of hashes (each in the CSP2 format).

Francois

Received on Thursday, 29 January 2015 01:38:56 UTC