- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 11 Jun 2015 08:46:52 +0200
- To: Joel Weinberger <jww@chromium.org>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Jun 11, 2015 at 7:39 AM, Joel Weinberger <jww@chromium.org> wrote: > FWIW, the status quo is (1). At least a majority of the editors lean towards > (1) as well since we can adjust in the future in a forwards compatible way, > but we want to check in with the community to see what we're missing here. > Again, you can check out the GitHub issue for all the juicy details of our > back-and-forth. Given the compatibility argument, (1) would be safest there too. Otherwise e.g. painting <img integrity=...> on a <canvas> and then exporting it would fail in older user agents while it would work in newer user agents that get that integrity implies crossorigin. (You can think of similar examples with <script> and remote debugging or <link rel=stylesheet> and CSSOM.) -- https://annevankesteren.nl/
Received on Thursday, 11 June 2015 06:47:17 UTC