- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 6 May 2015 18:52:36 +0200
- To: Frederik Braun <fbraun@mozilla.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, May 6, 2015 at 2:23 PM, Frederik Braun <fbraun@mozilla.com> wrote: > Instead, Subresource Integrity is now asking for "Wide Review". > > Please share the latest revision of the Subresource Integrity working > draft widely. Any feedback now can safe us work in the future :-) > > http://w3c.github.io/webappsec/specs/subresourceintegrity/ I find it hard to review while you have not tackled Fetch integration. That would make all logic apparent. The idea of integrity failing and <script> having to check for that seems insane. It should fail directly at the network layer without the ability for <script> to even have to think about it. I filed an issue for this which you classified as an editorial nit, but I would like to see this addressed since it would impact the structure of the specification quite a bit and would make the security much more tightly coupled than it is now: https://github.com/w3c/webappsec/issues/238 -- https://annevankesteren.nl/
Received on Wednesday, 6 May 2015 16:53:02 UTC