/webappsec-subresource-integrity

New issue

Extend SRI to support integrity metadata on inline script/style blocks #44

Open
shekyan opened this Issue Jun 22, 2016 · 4 comments

Labels

None yet

Milestone

  v2

Assignees

No one assigned

3 participants

@shekyan @devd @mikewest
@shekyan
shekyan commented Jun 22, 2016 edited

Per F2F discussion , consider extending this specification to support integrity metadata on inline scripts(/styles?).

This also implies that require-sri-for will enforce integrity metadata on both inline and external resources types.

WDYT @metromoxie, @devd, @mozfreddyb, @fmarier ?

@devd
devd commented Jun 23, 2016

totally fair to consider for sriv2. More curious about implementor interest.

@devd devd added this to the v2 milestone Jun 23, 2016
@shekyan
shekyan commented Jun 23, 2016

You guys tricked me into this again:) I'll take it.

@mikewest
World Wide Web Consortium member
mikewest commented Jun 23, 2016 edited

Apple wants it (see https://www.w3.org/2016/05/16-webappsec-minutes.html#item02 (+@johnwilander to confirm)). I wouldn't mind implementing in Chrome (though @metromoxie is the right person to ask).

@shekyan
shekyan commented Jun 23, 2016

Oh I thought @devd meant feature implementor in the spec.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment