@@ -806,16 +806,42 @@ Setting the `integrity` attribute MUST run these steps:
806
806
807</section ><!-- /Framework::JS::XHR::integrity -->
807</section ><!-- /Framework::JS::XHR::integrity -->
808
808
809+ <section >
810+ ##### Progress events
811+
812+ Validation only takes place when the entire resource body has been
813+ downloaded. Data processed before the resource has completely
814+ loaded (or failed to load) is unvalidated, and potentially corrupt.
815+ For that reason, if the document's [ integrity policy] [ ]
816+ is ` block ` , progress events will not fire until the fetch has
817+ completed, one way or another.
818+
819+ If the document's [ integrity policy] [ ] is not ` block ` , developers who
820+ care about integrity validation SHOULD still ignore progress events
821+ fired while the resource is downloading, and instead listen only for
822+ the ` load ` , ` abort ` , and ` error ` events.
823+
824+ Whenever the user agent would [ fire a progress event] [ ] named ` progress `
825+ for an XMLHttpRequest object, run the following steps:
826+
827+ 1 . If the object's ` integrity ` attribute is the empty string,
828+ abort these steps, and proceed directly to firing the event.
829+ 2 . If the document's [ integrity policy] [ ] is not ` block ` , abort
830+ these steps, and proceed directly to firing the event.
831+ 3 . Otherwise, the user agent MUST NOT fire the progress event.
832+
833+ [ fire a progress event ] : https://dvcs.w3.org/hg/progress/raw-file/tip/Overview.html#concept-event-fire-progress
834+ </section ><!-- /Framework::JS::XHR::integrity -->
835+
809<section >
836<section >
810##### Validation
837##### Validation
811
838
812Whenever the user agent would [ switch an ` XMLHttpRequest ` object to the
839Whenever the user agent would [ switch an ` XMLHttpRequest ` object to the
813` DONE ` state] [ switch-done ] , then perform the following steps before
840` DONE ` state] [ switch-done ] , then perform the following steps before
814switching state:
841switching state:
815
842
816- 1 . If the ` integrity ` attribute is the empty string, or if the
843+ 1 . If the response's integrity state is ` intact ` or ` indeterminate ` ,
817- [ response entity body] [ ] [ matches the value of the ` integrity `
844+ then abort these steps, and continue to
818- attribute] [ match ] , then abort these steps, and continue to
819 [ switch to the ` DONE ` state] [ switch-done ] .
845 [ switch to the ` DONE ` state] [ switch-done ] .
8202 . Otherwise, [ report a violation] [ ] , and run the following steps
8462 . Otherwise, [ report a violation] [ ] , and run the following steps
821 if the document's [ integrity policy] [ ] is ` block ` :
847 if the document's [ integrity policy] [ ] is ` block ` :
@@ -824,12 +850,6 @@ switching state:
824 [ ` NetworkError ` ] [ xhrnetworkerror ] and event [ ` error ` ] [ xhrerror ] .
850 [ ` NetworkError ` ] [ xhrnetworkerror ] and event [ ` error ` ] [ xhrerror ] .
825 3 . Do not continue to [ switch to the ` DONE ` state] [ switch-done ] .
851 3 . Do not continue to [ switch to the ` DONE ` state] [ switch-done ] .
826
852
827- This validation only takes place when the entire resource body has been
828- downloaded. For that reason, developers who care about integrity validation
829- SHOULD ignore progress events fired while the resource is downloading, and
830- instead listen only for the ` load ` and ` error ` events. Data processed
831- before the ` load ` event fires is unvalidated, and potentially corrupt.
832-
833[ switch-done ] : https://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#switch-done
853[ switch-done ] : https://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#switch-done
834[ response entity body ] : https://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#response-entity-body
854[ response entity body ] : https://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#response-entity-body
835[ request error ] : http://www.w3.org/TR/XMLHttpRequest/#request-error
855[ request error ] : http://www.w3.org/TR/XMLHttpRequest/#request-error
0 commit comments