Implement the CMS cleanup from the spec review.
Tasks:
- Emit signed sections that wrap the actual signed content, not detached signature metadata blocks.
- Use canonical unpadded Base64 hashes and signatures.
- Bind signatures to serialized origins rather than bare hostnames.
- Emit and sign all direct child
meta claims inside signed-section according to the finalized claims contract.
- Include signed attribute coverage for
href, src, alt, and aria-label where the CMS output contains those attributes.
- Update WordPress and Hugo reference integration code and tests.
- Keep legacy API usage only behind compatibility paths if needed.
Spec tracking issue: HTMLTrust/htmltrust-spec protocol cleanup after security review.
Implement the CMS cleanup from the spec review.
Tasks:
metaclaims insidesigned-sectionaccording to the finalized claims contract.href,src,alt, andaria-labelwhere the CMS output contains those attributes.Spec tracking issue: HTMLTrust/htmltrust-spec protocol cleanup after security review.