Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Considering using ssri crate for subresource integrity parsing #24513

Open
Manishearth opened this issue Oct 21, 2019 · 1 comment
Open

Considering using ssri crate for subresource integrity parsing #24513

Manishearth opened this issue Oct 21, 2019 · 1 comment
Labels
A-network I-enhancement No impact; the issue is a missing or proposed feature.

Comments

@Manishearth
Copy link
Member

We already support parsing and checking subresource integrity headers in https://github.com/servo/servo/blob/master/components/net/subresource_integrity.rs, but there is the ssri crate which is being actively developed. Maybe we should consider pulling that in?

As an aside, we should also consider splitting out such algorithms into external crates more often.
@Manishearth Manishearth added I-enhancement No impact; the issue is a missing or proposed feature. A-network labels Oct 21, 2019
@jgraham
Copy link
Contributor

jgraham commented Oct 21, 2019

Note that the license of the 5.0.0 release is unusual ("Freedom Zero Parity") and so switching to this would probably require either forking at 4.x or a specific determination that this license is acceptable to servo (unless that already happened ofc).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-network I-enhancement No impact; the issue is a missing or proposed feature.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jgraham @Manishearth