W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [SRI] format of the integrity attribute

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 29 Jan 2015 09:04:58 +0100
Message-ID: <CADnb78gjL+Xf6Gcs6CfD4rsx=V6=-of6dE-42SpvoUqGnN=LcA@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Francois Marier <francois@mozilla.com>, WebAppSec WG <public-webappsec@w3.org>
On Thu, Jan 29, 2015 at 4:05 AM, Martin Thomson
<martin.thomson@gmail.com> wrote:
> You could just reserve an identifier from the space of hash identifiers.
> <link integrity="type:text/css sha256:abc... md2:def..." ...
> Then you have a handle upon which to direct processing of the
> corresponding value.
> Note: They aren't URLs, but I think colon is better a separator than a
> hyphen.  Using a character from the hash value-space as a separator
> might cause bugs.

Did we not want to address the content negotiation use case? E.g. for
<img> I could imagine the server sending either image/jpeg or
image/webp (for better or worse).

What Francois proposed would work. (Other hashes would simply default
to the last MIME type given.)

Received on Thursday, 29 January 2015 08:05:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:45 UTC