- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 6 Nov 2007 02:52:55 +0000 (UTC)
On Mon, 5 Nov 2007, Jon Barnett wrote: > On 11/5/07, Ian Hickson <ian at hixie.ch> wrote: > > > > Philip brought up a good point on IRC which is that hashing the entity > > doesn't protect against changes to the headers (and hashing the headers > > isn't workable since they change). > > If it were to be crammed into HTML, it would be nice if it were done > like this: <a href="..." type="application/octet-stream; md5=xxx"> That doesn't really address the problem of unexpected hostile HTTP headers, though (like Set-Cookie or Location with a 301 response code). It was also later pointed out that this idea would also make incremental rendering more difficult to achieve. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 5 November 2007 18:52:55 UTC