Re: SRI: Behavior when a developer fails to specify CORS

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 12 Jun 2015 09:09:57 +0200
Message-ID: <CADnb78jbK5oUhJGYkd91j90TtZi+z63BR43A4tDC4-NOCD3kww@mail.gmail.com>
To: Joel Weinberger <jww@chromium.org>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>

On Fri, Jun 12, 2015 at 5:21 AM, Joel Weinberger <jww@chromium.org> wrote:
> Wouldn't these examples be compatible in all the cases, since the integrity
> attribute is not defined for any of these elements?

It is defined for <script> and <link rel=stylesheet>, no? And I'm sure
it'll be defined for <img> too at some point, at which point the
reasoning applies. It seems useful to consider those future cases too.

Received on Friday, 12 June 2015 07:10:22 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:13 UTC