Re: [SRI] format of the integrity attribute from Martin Thomson on 2015-01-29 (public-webappsec@w3.org from January 2015)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 28 Jan 2015 19:05:29 -0800
To: Francois Marier <francois@mozilla.com>
Cc: WebAppSec WG <public-webappsec@w3.org>
Message-ID: <CABkgnnVOvvKVmi02maJk9Cj1TamEYXcYhHc5hE=BgOapAbf=ug@mail.gmail.com>

On 28 January 2015 at 17:38, Francois Marier <francois@mozilla.com> wrote:
> <link integrity="text/css:sha256-ab123... sha512-df45...">
>
> The "text/css:" prefix is optional and then after that follows a
> space-separated list of hashes (each in the CSP2 format).

You could just reserve an identifier from the space of hash identifiers.

<link integrity="type:text/css sha256:abc... md2:def..." ...

Then you have a handle upon which to direct processing of the
corresponding value.

Note: They aren't URLs, but I think colon is better a separator than a
hyphen.  Using a character from the hash value-space as a separator
might cause bugs.

Received on Thursday, 29 January 2015 03:05:57 UTC