On 24/03/17 17:12, Gregory Szorc wrote: > This got me thinking: why doesn't the user agent get involved to help > provide better download security? What my (not a web standard spec author) > brain came up with is standardized metadata in the HTML for the download > link (probably an <a>) that defines file integrity information.
https://www.gerv.net/security/link-fingerprints/ . The SRI team apparently didn't cover <a> in their first version because it was in some way more complicated to get right than the tags they did cover. But perhaps they remain open to doing so in a future version? Gerv _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform