27748 – Value of @integrity attribute not sufficiently prescriptive

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 27748 - Value of @integrity attribute not sufficiently prescriptive

Summary: Value of @integrity attribute not sufficiently prescriptive

Status:	NEW

Alias:	None

Product:	WebAppsSec
Classification:	Unclassified
Component:	Subresource Integrity (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P2 normal
Target Milestone:	---
Assignee:	Mike West
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-01-05 03:32 UTC by Glenn Adams
Modified:	2015-01-08 09:24 UTC (History)
CC List:	2 users (show)

See Also:

Attachments

Description Glenn Adams 2015-01-05 03:32:54 UTC

The definition for the integrity attribute (Section 3.1) says:

"This metadata is generally encoded as a “named information” (ni) URI, as defined in RFC6920. [RFC6920]"

This is like saying it "... [may be] encoded as ...". Please change to something like:

"This metadata is MUST be encoded as a “named information” (ni) URI, as defined in RFC6920. [RFC6920]"

or

"This metadata is MUST be encoded as a URI, where, at a minimum, a user agent MUST support integrity metadata encoded as a named information” (ni) URI, as defined in RFC6920. [RFC6920]"

Comment 1 Mike West 2015-01-08 09:24:59 UTC

Addressed in https://github.com/w3c/webappsec/pull/140, thanks!