- From: Brad Hill <hillbrad@fb.com>
- Date: Thu, 7 May 2015 19:30:50 +0000
- To: "www-tag@w3.org" <www-tag@w3.org>
Hello, The Web Application Security Working Group requests review of the following specification before 2015-05-26: Subresource Integrity http://w3c.github.io/webappsec/specs/subresourceintegrity/ The group requests feedback via public-webappsec@w3.org with [SRI] in subject line This specification defines a mechanism by which user agents may verify that a fetched resource has been delivered without unexpected manipulation. Specifically, this version uses hashed metadata annotations delivered as a new "integrity" attribute of the <script> and <link> tags. Level 1 is intended as a "minimum viable" release, targeting what the group believes to be a few high-value use cases with the most manageable requirements, in order to learn how such a mechanism will interact with the large scale architecture of the Web, before proceeding to additional features and scenario targets. The group has specifically asked for feedback on the following: ============================================ Fetch Integration Privacy and Security Considerations CORS interactions Future Considerations regarding broader integration into other HTML elements Extensibility ============================================ Sincerely, Brad Hill Co-chair, WebAppSec WG
Received on Thursday, 7 May 2015 19:34:46 UTC