- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Wed, 23 Sep 2015 18:19:36 +0200
- To: Jerry Qu <quguangyu@gmail.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>
On Wed, Sep 23, 2015 at 5:50 PM, Jerry Qu <quguangyu@gmail.com> wrote: > May the SRI spec give some specific recommendations for this? Only the blob URL should work per Fetch, to which SRI defers. (That is because data URLs for <script> get tainted and SRI cannot poke into tainted responses.) -- https://annevankesteren.nl/
Received on Wednesday, 23 September 2015 16:20:01 UTC