W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [SRI] format of the integrity attribute

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 28 Jan 2015 19:05:29 -0800
Message-ID: <CABkgnnVOvvKVmi02maJk9Cj1TamEYXcYhHc5hE=BgOapAbf=ug@mail.gmail.com>
To: Francois Marier <francois@mozilla.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
On 28 January 2015 at 17:38, Francois Marier <francois@mozilla.com> wrote:
> <link integrity="text/css:sha256-ab123... sha512-df45...">
>
> The "text/css:" prefix is optional and then after that follows a
> space-separated list of hashes (each in the CSP2 format).

You could just reserve an identifier from the space of hash identifiers.

<link integrity="type:text/css sha256:abc... md2:def..." ...

Then you have a handle upon which to direct processing of the
corresponding value.

Note: They aren't URLs, but I think colon is better a separator than a
hyphen.  Using a character from the hash value-space as a separator
might cause bugs.
Received on Thursday, 29 January 2015 03:05:57 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC