
remake index.html

1 parent 1c2a87e commit 4f63ba77d62a2999ffb7a1e1b5397c9d533af53b @devd devd committed Jul 13, 2016
Showing with 20 additions and 4 deletions.
  1. +20 −4 index.html
@@ -1400,7 +1400,7 @@
<div class="head">
<p data-fill-with="logo"><a class="logo" href="http://www.w3.org/"> <img alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2016/logos/W3C" width="72"> </a> </p>
<h1 class="p-name no-ref" id="title">Subresource Integrity</h1>
- <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Editor’s Draft, <time class="dt-updated" datetime="2016-06-21">21 June 2016</time></span></h2>
+ <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Editor’s Draft, <time class="dt-updated" datetime="2016-07-13">13 July 2016</time></span></h2>
<div data-fill-with="spec-metadata">
<dl>
<dt>This version:
@@ -1536,7 +1536,8 @@ <h2 class="no-num no-toc no-ref" id="contents">Table of Contents</h2>
<li><a href="#hash-collision-attacks"><span class="secno">5.2</span> <span class="content">Hash collision attacks</span></a>
<li><a href="#cross-origin-data-leakage"><span class="secno">5.3</span> <span class="content">Cross-origin data leakage</span></a>
</ol>
- <li><a href="#acknowledgements"><span class="secno">6</span> <span class="content">Acknowledgements</span></a>
+ <li><a href="#iana-considerations"><span class="secno">6</span> <span class="content">IANA Considerations</span></a>
+ <li><a href="#acknowledgements"><span class="secno">7</span> <span class="content">Acknowledgements</span></a>
<li>
<a href="#conformance"><span class="secno"></span> <span class="content">Conformance</span></a>
<ol class="toc">
@@ -1772,7 +1773,8 @@ <h4 class="heading settled" data-level="3.3.2" id="parse-require-sri-for"><span
<p>Let the set of <var>protected resource types</var> that require SRI be the empty set.</p>
<li data-md="">
<p>For each <var>token</var> in the result of <a data-link-type="dfn" href="http://www.w3.org/TR/html5/infrastructure.html#split-a-string-on-spaces"> splitting <var>token list</var> on spaces</a>, if token matches the grammar
- for <a data-link-type="dfn" href="#require-sri-for" id="ref-for-require-sri-for-1">require-sri-for</a>, add <var>token</var> to <var>protected resource types</var> if <var>token</var> is a <a data-link-type="dfn" href="#known-tokens" id="ref-for-known-tokens-1">known token</a>. Otherwise, ignore the token.</p>
+ for <a data-link-type="dfn" href="#require-sri-for" id="ref-for-require-sri-for-1">require-sri-for</a> and is a <a data-link-type="dfn" href="http://www.w3.org/TR/html5/scripting-1.html#ascii-case-insensitive">ASCII case-insensitive match</a> for any of the <a data-link-type="dfn" href="#known-tokens" id="ref-for-known-tokens-1">known token</a>s, add <var>token</var> to <var>protected resource types</var>.
+ Otherwise, ignore the token.</p>
<li data-md="">
<p>Return the set of <var>protected resource types</var>.</p>
</ol>
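Review bot: On the two added lines of this step, the comparison against the known tokens becomes ASCII case-insensitive, but the step still adds "token" itself to the set of protected resource types, so a token written in mixed case is stored as written. Either store the matched known token (or the lowercased token) or say explicitly that later lookups in this set are also case-insensitive; otherwise the set can hold a value that an exact comparison elsewhere will not recognise. Two wording points on the same lines: "a ASCII case-insensitive match" should read "an ASCII case-insensitive match", and the plural "s" after "known token" sits outside the link text.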
@@ -2082,7 +2084,18 @@ <h3 class="heading settled" data-level="5.3" id="cross-origin-data-leakage"><spa
common usernames, and specify those hashes while repeatedly attempting
to load the document. A successful load would confirm that the attacker
has correctly guessed the username.</p>
- <h2 class="heading settled" data-level="6" id="acknowledgements"><span class="secno">6. </span><span class="content">Acknowledgements</span><a class="self-link" href="#acknowledgements"></a></h2>
+ <section>
+ <h2 class="heading settled" data-level="6" id="iana-considerations"><span class="secno">6. </span><span class="content">IANA Considerations</span><a class="self-link" href="#iana-considerations"></a></h2>
+ <p>The Content Security Policy Directive registry should be updated with the
+ following directives and references <a data-link-type="biblio" href="#biblio-rfc7762">[RFC7762]</a>:</p>
+ <dl>
+ <dt data-md="">
+ <p><a data-link-type="dfn" href="#require-sri-for" id="ref-for-require-sri-for-4"><code>require-sri-for</code></a></p>
+ <dd data-md="">
+ <p>This document (see <a href="#opt-in-require-sri-for">§3.3.1 Opting-in</a>)</p>
+ </dl>
+ </section>
+ <h2 class="heading settled" data-level="7" id="acknowledgements"><span class="secno">7. </span><span class="content">Acknowledgements</span><a class="self-link" href="#acknowledgements"></a></h2>
<p>Much of the content here is inspired heavily by Gervase Markham’s <a href="http://www.gerv.net/security/link-fingerprints/">Link Fingerprints</a> concept as well as WHATWG’s <a href="https://wiki.whatwg.org/wiki/Link_Hashes">Link Hashes</a>.</p>
<p>A special thanks to Mike West of Google, Inc. for his invaluable contributions
to the initial version of this spec. Additionally, Brad Hill, Anne van Kesteren,
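Review bot: The added IANA Considerations block is wrapped in a section element, while the Acknowledgements heading right after it is emitted with no wrapper, so the two adjacent top-level sections now have different markup; keep one convention in the spec source so the generated output stays uniform. The intro sentence also says "the following directives and references" but the list carries a single directive, require-sri-for, so the singular reads better unless more entries are planned.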
@@ -2245,6 +2258,8 @@ <h3 class="no-num no-ref heading settled" id="normative"><span class="content">N
<dd>R. Fielding, Ed.; J. Reschke, Ed.. <a href="https://tools.ietf.org/html/rfc7231">Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content</a>. June 2014. Proposed Standard. URL: <a href="https://tools.ietf.org/html/rfc7231">https://tools.ietf.org/html/rfc7231</a>
<dt id="biblio-rfc7234">[RFC7234]
<dd>R. Fielding, Ed.; M. Nottingham, Ed.; J. Reschke, Ed.. <a href="https://tools.ietf.org/html/rfc7234">Hypertext Transfer Protocol (HTTP/1.1): Caching</a>. June 2014. Proposed Standard. URL: <a href="https://tools.ietf.org/html/rfc7234">https://tools.ietf.org/html/rfc7234</a>
+ <dt id="biblio-rfc7762">[RFC7762]
+ <dd>M. West. <a href="https://tools.ietf.org/html/rfc7762">Initial Assignment for the Content Security Policy Directives Registry</a>. January 2016. Informational. URL: <a href="https://tools.ietf.org/html/rfc7762">https://tools.ietf.org/html/rfc7762</a>
<dt id="biblio-secure-contexts">[SECURE-CONTEXTS]
<dd>Mike West; Yan Zhu. <a href="https://w3c.github.io/webappsec-secure-contexts/">Secure Contexts</a>. WD. URL: <a href="https://w3c.github.io/webappsec-secure-contexts/">https://w3c.github.io/webappsec-secure-contexts/</a>
<dt id="biblio-sha2">[SHA2]
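Review bot: Going by the hunk header, the added [RFC7762] entry lands in the Normative references list, yet the entry is marked Informational and the only citation added in this commit is the registry request in IANA Considerations. If no conformance requirement depends on it, cite it as an informative reference in the spec source so the regenerated index.html lists it under the informative references instead.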
@@ -2329,6 +2344,7 @@ <h2 class="no-num no-ref heading settled" id="idl-index"><span class="content">I
<ul>
<li><a href="#ref-for-require-sri-for-1">3.3.2. Parsing require-sri-for</a>
<li><a href="#ref-for-require-sri-for-2">3.3.3. Apply algorithm to request</a> <a href="#ref-for-require-sri-for-3">(2)</a>
+ <li><a href="#ref-for-require-sri-for-4">6. IANA Considerations</a>
</ul>
</aside>
<aside class="dfn-panel" data-for="known-tokens">
