W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2015

Re: SRI: edge case when loading the same stylesheet twice in a document

From: Frederik Braun <fbraun@mozilla.com>
Date: Thu, 17 Sep 2015 10:10:08 +0200
To: public-webappsec@w3.org
Message-ID: <55FA7560.4010908@mozilla.com>
On 17.09.2015 02:26, Conrad Irwin wrote:
> I think this is only safe if there's no way to make the page re-load the
> same stylesheet.
> 
> If you remove the link element and re-add it in javascript, will that
> cause another request?
> 
> If so a malicious person could detect whether this is the first load of
> the stylesheet or the second, and serve different content both times.

That's a good point. But is it going to reuse the same data structure if
the same URL returns a different resource? I was hoping not.
Received on Thursday, 17 September 2015 08:11:29 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:15 UTC