W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2015

Re: [SRI] Updates to the spec and outstanding issues

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 10 Mar 2015 09:25:14 +0100
Message-ID: <CADnb78gE458GMDc8yNUwGFcHTexw2ukPZG+Y6VdFJ6rj6rQfrw@mail.gmail.com>
To: Devdatta Akhawe <dev.akhawe@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Tue, Mar 10, 2015 at 12:03 AM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote:
> The SRI spec currently doesn't enforce the mime-type and should say
> something like "insist on this mime type, even after sniffing".
> Unfortunately, content-type sniffing (afaik) isn't really spec'ed so it is
> not clear how to put that in the spec.

https://mimesniff.spec.whatwg.org/ is what browsers implement though
there's various differences still unfortunately.


-- 
https://annevankesteren.nl/
Received on Tuesday, 10 March 2015 08:25:37 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:11 UTC