Implement the browser-client cleanup from the spec review.
Tasks:
- Use canonical unpadded Base64 consistently.
- Verify against serialized origins rather than
hostname.
- Implement the finalized claims contract: all direct child
meta elements inside signed-section are signed claims.
- Implement the signed attribute allowlist starting with
href, src, alt, and aria-label.
- Add server-HTML snapshot verification support with explicit result states for source-only, stale, and rendered-content match.
- Align key resolution, directory fetches, and endorsement verification with the provisional network/CSP/privacy model.
- Replace freeform failure strings with the spec enum.
Spec tracking issue: HTMLTrust/htmltrust-spec protocol cleanup after security review.
Implement the browser-client cleanup from the spec review.
Tasks:
hostname.metaelements insidesigned-sectionare signed claims.href,src,alt, andaria-label.Spec tracking issue: HTMLTrust/htmltrust-spec protocol cleanup after security review.