W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2016

CSS fetch integration

From: Jonathan Kingston <jonathan@jooped.co.uk>
Date: Tue, 27 Sep 2016 02:15:09 +0000
Message-ID: <CAKrjaaVu+Xrk2T+CpRq7A=qBn+jO50ScyMCSa-ZEXwZEjm3C5g@mail.gmail.com>
To: www-style@w3.org, WebAppSec WG <public-webappsec@w3.org>
Hi WebAppSec and CSSWG,

As part of the latest SRI spec work, there is a desire to put SRI
capabilities within CSS[1]. However this would be made simpler with a
closer integration of CSS with the fetch API on any <url> type properties.

So I have started a draft [2], which I thought I would should share in it's
very rough stage to prevent it from stagnating.

The draft covers a rough direction of how all <url> types will behave when
integrated with CSS, it also covers some of the further specification of
how referrer headers are handled within CSS.

The draft also at the end covers the use of integrity and crossorigin URL
modifiers to be used in conjunction with the url data type to restrict sub
resources with the same checks as is possible in HTML.

Feel free to respond here on thoughts and file issues on Github [3].

Thanks

[1]
https://github.com/w3c/webappsec-subresource-integrity/issues/40#issuecomment-247964962
[2] https://jonathankingston.github.io/css-fetch-integration/
[3] https://github.com/jonathanKingston/css-fetch-integration/tree/gh-pages
Received on Tuesday, 27 September 2016 02:15:59 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:21 UTC