/
824.txt
162 lines (120 loc) · 7.01 KB
/
824.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
* 仕様書
[REFS[
- [36] [CITE@en[Subresource Integrity]] ([TIME[2016-06-22 03:22:12 +09:00]]) <https://w3c.github.io/webappsec-subresource-integrity/>
]REFS]
* 歴史
[11] [CITE@en[Link Hashes - WHATWG Wiki]] ([TIME[2014-10-11 21:00:37 +09:00]] 版) <https://wiki.whatwg.org/wiki/Link_Hashes>
[1] [CITE@en[Subresource Integrity]]
( ([TIME[2014-03-15 05:47:19 +09:00]] 版))
<http://www.w3.org/TR/2014/WD-SRI-20140318/>
[2] [CITE@en[Subresource Integrity]]
( ([TIME[2014-05-21 09:40:41 +09:00]] 版))
<http://w3c.github.io/webappsec/specs/subresourceintegrity/>
[3] [CITE[IRC logs: freenode / #whatwg / 20140613]]
( ([TIME[2014-06-14 11:47:11 +09:00]] 版))
<http://krijnhoetmer.nl/irc-logs/whatwg/20140613#l-229>
[4] [CITE@en[Subresource Integrity]]
( ([TIME[2014-07-02 16:04:20 +09:00]] 版))
<http://w3c.github.io/webappsec/specs/subresourceintegrity/>
[5] [CITE@en[Fix old digest attribute · 80721db · w3c/webappsec]] ([TIME[2014-10-18 14:28:35 +09:00]] 版) <https://github.com/w3c/webappsec/commit/80721db13315f38d9a46dbd824fc2939619d50f0>
[6] [CITE@en[1100206 – Teach the parser about the integrity attribute]]
([TIME[2015-02-19 12:25:29 +09:00]] 版)
<https://bugzilla.mozilla.org/show_bug.cgi?id=1100206>
[7] [CITE@en[Changed integrity productions to reflect per-hash-expression options and... · w3c/webappsec@54e31a1]]
([TIME[2015-04-10 00:34:48 +09:00]] 版)
<https://github.com/w3c/webappsec/commit/54e31a12846eff424a018ce9d2078cfec798a888>
[8] [CITE@en[Got rid of MIME type references, other than note that they may be added ... · w3c/webappsec@beec679]]
([TIME[2015-04-10 00:34:59 +09:00]] 版)
<https://github.com/w3c/webappsec/commit/beec679207dbdd02231d6f7090833ecb2e1690cc>
[9] [CITE@en[Modified metadata algorithm to generate a set of strong hashes. · w3c/webappsec@7b00748]]
([TIME[2015-04-10 00:37:22 +09:00]] 版)
<https://github.com/w3c/webappsec/commit/7b00748ea09ca291215c8802a296ccda6c226d43>
[10] [CITE@en[Subresource Integrity]]
([TIME[2015-04-09 17:26:24 +09:00]] 版)
<http://www.w3.org/TR/2015/WD-SRI-20150409/>
[12] [CITE@en[Subresource Integrity]]
([TIME[2015-05-05 23:26:33 +09:00]] 版)
<http://www.w3.org/TR/2015/WD-SRI-20150505/>
[13] [CITE@en[''''''[''''''SRI'''''']'''''' Requiring CORS for SRI]]
([[Tanvi Vyas]] 著, [TIME[2015-05-07 03:17:41 +09:00]] 版)
<https://lists.w3.org/Archives/Public/public-webappsec/2015May/0023.html>
[14] [CITE[Issue 1186883003: Ship Subresource Integrity - Code Review]]
([TIME[2015-06-20 11:40:17 +09:00]] 版)
<https://codereview.chromium.org/1186883003/>
[15] [CITE@en[SRI: Shipped on tip-of-tree Chromium]]
([[Joel Weinberger]] 著, [TIME[2015-06-20 04:06:46 +09:00]] 版)
<https://lists.w3.org/Archives/Public/public-webappsec/2015Jun/0053.html>
[16] [CITE@en[Subresource Integrity]]
([TIME[2015-07-07 16:18:55 +09:00]] 版)
<http://www.w3.org/TR/2015/WD-SRI-20150707/>
[17] [CITE@en[Support integrity. Fixes #85. · whatwg/fetch@12a1a6c]]
([TIME[2015-07-24 23:05:10 +09:00]] 版)
<https://github.com/whatwg/fetch/commit/12a1a6cc539262fb5e58717047b0fcb70b38ae26>
[18] [CITE@en[Bug 148363 – Implement Subresource Integrity (SRI)]]
([TIME[2015-08-24 11:38:53 +09:00]] 版)
<https://bugs.webkit.org/show_bug.cgi?id=148363>
[19] [CITE@en[Subresource Integrity]]
([TIME[2015-09-16 22:14:01 +09:00]] 版)
<http://www.w3.org/TR/2015/WD-SRI-20150916/>
[FIG(quote)[
[FIGCAPTION[
[20] [CITE[IRC logs: freenode / #whatwg / 20150928]]
([TIME[2015-09-29 10:44:08 +09:00]] 版)
<http://krijnhoetmer.nl/irc-logs/whatwg/20150928>
]FIGCAPTION]
>
> # '''['''10:44''']''' <mkwst> terinjokes: SRI only applies to those elements because the current spec is basically a test to check that we can actually verify integrity on the wild and crazy internet.
> # '''['''10:44''']''' <mkwst> terinjokes: Basically, they decided to do the simplest thing possible, make sure it works, and then expand it based on that experience.
> # '''['''10:45''']''' <mkwst> terinjokes: Tacking `integrity` attributes onto other elements as necessary is an obvious next step.
]FIG]
[21] [CITE@en[Subresource Integrity]]
([TIME[2015-10-06 22:14:42 +09:00]] 版)
<https://w3c.github.io/webappsec-subresource-integrity/>
[22] [CITE@en[w3c/webappsec-subresource-integrity]]
([TIME[2015-10-06 23:28:21 +09:00]] 版)
<https://github.com/w3c/webappsec-subresource-integrity>
[23] [CITE@en[Subresource Integrity]]
([TIME[2015-10-06 23:13:38 +09:00]] 版)
<http://www.w3.org/TR/2015/WD-SRI-20151006/>
[24] [CITE@en[Merge pull request #4 from fmarier/simplify-eligibility-alg · w3c/webappsec-subresource-integrity@f98f344]]
([TIME[2015-10-22 11:46:04 +09:00]] 版)
<https://github.com/w3c/webappsec-subresource-integrity/commit/f98f344856977a106f2660d4e75c697102f7c057>
[25] [CITE@en[Subresource Integrity]]
( ([TIME[2015-11-12 22:23:57 +09:00]] 版))
<http://www.w3.org/TR/2015/CR-SRI-20151112/>
[26] [CITE@en[Re: ''''''[''''''SRI'''''']'''''' Unmentioned use case: caching]]
([[Joel Weinberger]] 著, [TIME[2015-12-22 00:41:02 +09:00]] 版)
<https://lists.w3.org/Archives/Public/public-webappsec/2015Dec/0042.html>
[27] [CITE@en-us[Subresource Integrity - GitHub Engineering]]
([TIME[2015-12-18 00:30:15 +09:00]] 版)
<http://githubengineering.com/subresource-integrity/>
[28] [CITE@en[''''''[''''''CSP'''''']'''''' "sri" source expression to enforce SRI]]
([[Patrick Toomey]] 著, [TIME[2015-12-22 02:34:34 +09:00]] 版)
<https://lists.w3.org/Archives/Public/public-webappsec/2015Dec/0045.html>
[29] [CITE@en[Convert to Bikeshed. Should be all formatting changes, which includes… · w3c/webappsec-subresource-integrity@4b6816d]]
([TIME[2016-01-21 12:15:20 +09:00]] 版)
<https://github.com/w3c/webappsec-subresource-integrity/commit/4b6816d922587922a2b89854b384a89db6e5fd8b>
[30] [CITE@en[Allow hashes to match external scripts · w3c/webappsec-csp@a299d38]]
([TIME[2016-04-26 12:10:58 +09:00]] 版)
<https://github.com/w3c/webappsec-csp/commit/a299d38d1b54e3d9612d11fb69cc8174b5e44051>
[31] [CITE@en[Subresource Integrity]]
( ([TIME[2016-05-09 18:03:08 +09:00]]))
<https://www.w3.org/TR/2016/PR-SRI-20160510/>
[32] [CITE@en[reference `require-sri-for` in SRI specification (#93)]]
( ([[shekyan]]著, [TIME[2016-06-22 18:00:34 +09:00]]))
<https://github.com/w3c/webappsec-csp/commit/7b8762c599a5f7fa53d15df4629e763f6ed53c60>
[33] [CITE@en[Subresource Integrity]]
([TIME[2016-06-21 00:01:23 +09:00]])
<https://www.w3.org/TR/2016/REC-SRI-20160623/>
[34] [CITE@en[Subresource Integrity]]
([TIME[2016-06-21 00:01:23 +09:00]])
<https://www.w3.org/TR/2016/REC-SRI-20160623/>
[35] [CITE@en[Subresource Integrity]]
([TIME[2016-06-22 03:22:12 +09:00]])
<https://w3c.github.io/webappsec-subresource-integrity/>
[37] [CITE@en[w3c/webappsec-subresource-integrity: WebAppSec Subresource Integrity]]
([TIME[2016-06-30 12:18:52 +09:00]])
<https://github.com/w3c/webappsec-subresource-integrity>
[38] [CITE@en[GitHub implements Subresource Integrity]]
([TIME[2016-07-30 16:00:20 +09:00]])
<https://github.com/blog/2058-github-implements-subresource-integrity>