Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SRI: Consider adding <svg:script> with the same behavior as <html:script> #396

Open
erikdahlstrom opened this issue Jun 6, 2015 · 2 comments

Comments

@erikdahlstrom
Copy link

commented Jun 6, 2015

Since html5, <script> and <svg:script> can exist in the same document. It doesn't make sense to me to only add SRI to the html one, please make them both the same (adding the integrity attribute on <svg:script>).

I'd be happy to raise this topic with the SVG WG too, and there are other elements that might be interesting to sync later on (e.g <svg:image>).

@fmarier fmarier added the SRI label Jun 6, 2015

@fmarier fmarier added this to the SRI-next milestone Jun 6, 2015

@fmarier fmarier changed the title Consider adding <svg:script> with the same behavior as <html:script> SRI: Consider adding <svg:script> with the same behavior as <html:script> Jun 6, 2015

@metromoxie

This comment has been minimized.

Copy link
Contributor

commented Jun 6, 2015

This is a fantastic point. I think that, unfortunately, it's not going to happen for v1, but I can't imagine it will be difficult to add in the next round of the spec.

@annevk

This comment has been minimized.

Copy link
Member

commented Jun 9, 2015

This would be way easier if SVG defined its fetching in terms of Fetch.

mikewest pushed a commit to mikewest/webappsec that referenced this issue Jun 29, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.