Re: [SRI] editorial from Joel Weinberger on 2015-11-17 (public-webappsec@w3.org from November 2015)

From: Joel Weinberger <jww@chromium.org>
Date: Tue, 17 Nov 2015 18:46:43 +0000
To: timeless@gmail.com, public-webappsec@w3.org
Message-ID: <CAHQV2K=57ndYr82XOFV9xNgywMFHrNAcrH+HQgywwnt-WOz-aA@mail.gmail.com>

Hi timeless. Thanks for the fixes. I just wrote up
https://github.com/w3c/webappsec-subresource-integrity/pull/19 to fix these
issues.
--Joel

On Mon, Nov 16, 2015 at 12:35 PM timeless <timeless@gmail.com> wrote:

> SRI [1]
> > feedback due by: 2015-12-15
>
> > Additonally [sp], Brad Hill,
>
> > For example, given a script resource containing only the string
> "alert('Hello, world.');"
>
> Could you add `(without the double quotes)`?
> to match:
>
> > This metadata MUST be encoded in the same format as the hash-source
> (without the single quotes)
>
> > 3.3. Parse token per the grammar in integrity metadata
>
> missing `.`
>
>
> [1] http://www.w3.org/TR/2015/CR-SRI-20151112/
>
>

Received on Tuesday, 17 November 2015 18:47:27 UTC