- From: Jonathan Kingston <jonathan@jooped.co.uk>
- Date: Tue, 27 Sep 2016 02:15:09 +0000
- To: www-style@w3.org, WebAppSec WG <public-webappsec@w3.org>
Received on Tuesday, 27 September 2016 02:15:58 UTC
Hi WebAppSec and CSSWG, As part of the latest SRI spec work, there is a desire to put SRI capabilities within CSS[1]. However this would be made simpler with a closer integration of CSS with the fetch API on any <url> type properties. So I have started a draft [2], which I thought I would should share in it's very rough stage to prevent it from stagnating. The draft covers a rough direction of how all <url> types will behave when integrated with CSS, it also covers some of the further specification of how referrer headers are handled within CSS. The draft also at the end covers the use of integrity and crossorigin URL modifiers to be used in conjunction with the url data type to restrict sub resources with the same checks as is possible in HTML. Feel free to respond here on thoughts and file issues on Github [3]. Thanks [1] https://github.com/w3c/webappsec-subresource-integrity/issues/40#issuecomment-247964962 [2] https://jonathankingston.github.io/css-fetch-integration/ [3] https://github.com/jonathanKingston/css-fetch-integration/tree/gh-pages
Received on Tuesday, 27 September 2016 02:15:58 UTC