27746 2015-01-05 03:11:43 +0000 Integrity of image content 2015-01-07 02:28:11 +0000 1 1 1 Unclassified WebAppsSec Subresource Integrity unspecified All All NEW P2 normal --- 1 glenn mkwst dev.akhawe fbraun public-webappsec yoav oldest_to_newest 116776 0 glenn 2015-01-05 03:11:43 +0000 The introduction includes 'images' as potentially covered content, but the specification does nothing to explicitly support this, such as adding an @integrity attribute to the img element (and HTMLImageElement). 116813 1 yoav 2015-01-06 09:04:15 +0000 As discussed in the past, adding such support using a single attribute on img is probably not enough. Such support would probably require adding it to srcset as well, possibly in the form of "integrity descriptors" of some sort. 116824 2 mkwst 2015-01-06 14:34:32 +0000 Didn't we come up with syntax for that, Yoav? Freddy, was this part of The Great Shrinkening that you're doing for a trimmed-down v1? 116826 3 yoav 2015-01-06 14:59:26 +0000 We've discussed some options, but I don't think we ever came up with a concrete proposal. I'll open up a related issue on the respimg repo 116836 4 fbraun 2015-01-06 16:52:07 +0000 What's the general process here? I removed the syntax because we wanted to do styles and scripts only in version 1. The plan is to bring this in, when we actually *do* image integrity. I ripped this out in https://github.com/w3c/webappsec/pull/74. 116869 5 glenn 2015-01-07 02:28:11 +0000 (In reply to fbraun from comment #4) > What's the general process here? I removed the syntax because we wanted to > do styles and scripts only in version 1. The plan is to bring this in, when > we actually *do* image integrity. > > I ripped this out in https://github.com/w3c/webappsec/pull/74. in that case, you need to say those are the plans, preferably saying this near where you say you are handling images and fonts