This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 27746 - Integrity of image content
Status: NEW
Alias: None
Product: WebAppsSec
Classification: Unclassified
Component: Subresource Integrity
Version: unspecified
Hardware: All All
Importance: P2 normal
Target Milestone: ---
Assignee: Mike West
 
Reported: 2015-01-05 03:11 UTC by Glenn Adams
Modified: 2015-01-07 02:28 UTC

Description Glenn Adams 2015-01-05 03:11:43 UTC
The introduction includes 'images' as potentially covered content, but the specification does nothing to explicitly support this, such as adding an @integrity attribute to the img element (and HTMLImageElement).
Comment 1 Yoav Weiss 2015-01-06 09:04:15 UTC
As discussed in the past, adding such support using a single attribute on img is probably not enough. Such support would probably require adding it to srcset as well, possibly in the form of "integrity descriptors" of some sort.
Comment 2 Mike West 2015-01-06 14:34:32 UTC
Didn't we come up with syntax for that, Yoav?

Freddy, was this part of The Great Shrinkening that you're doing for a trimmed-down v1?
Comment 3 Yoav Weiss 2015-01-06 14:59:26 UTC
We've discussed some options, but I don't think we ever came up with a concrete proposal. I'll open up a related issue on the respimg repo.
Comment 4 fbraun 2015-01-06 16:52:07 UTC
What's the general process here? I removed the syntax because we wanted to do styles and scripts only in version 1. The plan is to bring this in, when we actually *do* image integrity.

I ripped this out in https://github.com/w3c/webappsec/pull/74.
Comment 5 Glenn Adams 2015-01-07 02:28:11 UTC
(In reply to fbraun from comment #4)
> What's the general process here? I removed the syntax because we wanted to
> do styles and scripts only in version 1. The plan is to bring this in, when
> we actually *do* image integrity.
> 
> I ripped this out in https://github.com/w3c/webappsec/pull/74.

In that case, you need to say those are the plans, preferably saying this near where you say you are handling images and fonts.