Integrity metadata

integrity attribute (HTML)

Specifications

Semantics

[44] Represents the integrity metadata for requests made by the element. >>43, >>49

Syntax

[46] The attribute value is text. >>43, >>49

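Context

[51] It can be specified on link elements and script elements.

[45] On a link element, it must not be specified unless stylesheet is specified in the rel attribute. >>43

[47] In other cases, it is ignored even if specified.

[52] On a script element, it must not be specified when the element represents a data block or a module script, or when there is no src attribute. >>49

[53] integrity applies to classic scripts and module scripts. It is ignored even if specified on a data block.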
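
As an added example (not code from this page or from the specifications), the following JavaScript applies the rules in [45], [47], [52] and [53] to element descriptions, reporting separately whether the attribute is allowed and whether it has any effect. The { tag, attrs } object shape and the names scriptKind and checkIntegrity are assumptions made for illustration.

```javascript
// Added example. `el` is a hypothetical plain object { tag, attrs },
// not a DOM node; paragraph numbers refer to this page.
const JS_MIME_TYPES = new Set([
  'application/ecmascript', 'application/javascript',
  'application/x-ecmascript', 'application/x-javascript',
  'text/ecmascript', 'text/javascript', 'text/javascript1.0',
  'text/javascript1.1', 'text/javascript1.2', 'text/javascript1.3',
  'text/javascript1.4', 'text/javascript1.5', 'text/jscript',
  'text/livescript', 'text/x-ecmascript', 'text/x-javascript',
]);
const TRIM = /^[\t\n\f\r ]+|[\t\n\f\r ]+$/g; // ASCII whitespace only

// Simplified classification by the type attribute; the legacy language
// attribute and any other special type values are not handled.
function scriptKind(attrs) {
  if (attrs.type === undefined || attrs.type === '') return 'classic';
  const type = attrs.type.replace(TRIM, '').toLowerCase();
  if (JS_MIME_TYPES.has(type)) return 'classic';
  return type === 'module' ? 'module' : 'data block';
}

// conforming: may the author write integrity here ([45], [52])?
// effect: is the value used or ignored ([47], [53])?
function checkIntegrity(el) {
  const { tag, attrs } = el;
  if (attrs.integrity === undefined) return { conforming: true, effect: 'none' };
  if (tag === 'link') {
    const rel = (attrs.rel ?? '').toLowerCase().split(/[\t\n\f\r ]+/);
    const ok = rel.includes('stylesheet');
    return { conforming: ok, effect: ok ? 'applied' : 'ignored' };
  }
  if (tag === 'script') {
    const kind = scriptKind(attrs);
    const hasSrc = attrs.src !== undefined;
    // Without src nothing is fetched, so there is nothing to verify.
    const used = kind !== 'data block' && hasSrc;
    return { conforming: kind === 'classic' && hasSrc,
             effect: used ? 'applied' : 'ignored' };
  }
  return { conforming: false, effect: 'ignored' }; // [51]: link and script only
}

// Constructed sample elements (placeholder hash values).
const samples = [
  { tag: 'script', attrs: { src: 'a.js', integrity: 'sha384-PLACEHOLDER' } },
  { tag: 'script', attrs: { type: 'module', src: 'm.js', integrity: 'sha384-PLACEHOLDER' } },
  { tag: 'link', attrs: { rel: 'icon', href: 'i.png', integrity: 'sha384-PLACEHOLDER' } },
];
for (const el of samples) console.log(el.tag, el.attrs, checkIntegrity(el));
```

A module script with src comes out as non-conforming under [52] yet "applied" under [53], which is the distinction between the authoring rule and the processing rule as this page states them.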

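[65] The script fetch options have integrity metadata (HTML Standard). It is set when the script is created and is referenced when the script is fetched.

Processing

[48] It is referenced in obtain the resource.

[54] It is referenced in the processing of the script element.

IDL attribute

[50] The integrity IDL attribute of the HTMLLinkElement interface reflects the integrity content attribute as a string. >>43

History

History of proposals to embed hash values in the referring document, and of their failures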

[11] Link Hashes - WHATWG Wiki https://wiki.whatwg.org/wiki/Link_Hashes

[1] Subresource Integrity http://www.w3.org/TR/2014/WD-SRI-20140318/

[2] Subresource Integrity http://w3c.github.io/webappsec/specs/subresourceintegrity/

[3] IRC logs: freenode / #whatwg / 20140613 http://krijnhoetmer.nl/irc-logs/whatwg/20140613#l-229

[4] Subresource Integrity http://w3c.github.io/webappsec/specs/subresourceintegrity/

[5] Fix old digest attribute · 80721db · w3c/webappsec https://github.com/w3c/webappsec/commit/80721db13315f38d9a46dbd824fc2939619d50f0

[6] 1100206 – Teach the parser about the integrity attribute https://bugzilla.mozilla.org/show_bug.cgi?id=1100206

[7] Changed integrity productions to reflect per-hash-expression options and... · w3c/webappsec@54e31a1 https://github.com/w3c/webappsec/commit/54e31a12846eff424a018ce9d2078cfec798a888

[8] Got rid of MIME type references, other than note that they may be added ... · w3c/webappsec@beec679 https://github.com/w3c/webappsec/commit/beec679207dbdd02231d6f7090833ecb2e1690cc

[9] Modified metadata algorithm to generate a set of strong hashes. · w3c/webappsec@7b00748 https://github.com/w3c/webappsec/commit/7b00748ea09ca291215c8802a296ccda6c226d43

[10] Subresource Integrity http://www.w3.org/TR/2015/WD-SRI-20150409/

[12] Subresource Integrity http://www.w3.org/TR/2015/WD-SRI-20150505/

[13] [SRI] Requiring CORS for SRI (by Tanvi Vyas) https://lists.w3.org/Archives/Public/public-webappsec/2015May/0023.html

[14] Issue 1186883003: Ship Subresource Integrity - Code Review https://codereview.chromium.org/1186883003/

[15] SRI: Shipped on tip-of-tree Chromium (by Joel Weinberger) https://lists.w3.org/Archives/Public/public-webappsec/2015Jun/0053.html

[16] Subresource Integrity http://www.w3.org/TR/2015/WD-SRI-20150707/

[17] Support integrity. Fixes #85. · whatwg/fetch@12a1a6c https://github.com/whatwg/fetch/commit/12a1a6cc539262fb5e58717047b0fcb70b38ae26

[18] Bug 148363 – Implement Subresource Integrity (SRI) https://bugs.webkit.org/show_bug.cgi?id=148363

[19] Subresource Integrity http://www.w3.org/TR/2015/WD-SRI-20150916/

[20] IRC logs: freenode / #whatwg / 20150928 http://krijnhoetmer.nl/irc-logs/whatwg/20150928

# [10:44] <mkwst> terinjokes: SRI only applies to those elements because the current spec is basically a test to check that we can actually verify integrity on the wild and crazy internet.

# [10:44] <mkwst> terinjokes: Basically, they decided to do the simplest thing possible, make sure it works, and then expand it based on that experience.

# [10:45] <mkwst> terinjokes: Tacking `integrity` attributes onto other elements as necessary is an obvious next step.

[21] Subresource Integrity https://w3c.github.io/webappsec-subresource-integrity/

[22] w3c/webappsec-subresource-integrity https://github.com/w3c/webappsec-subresource-integrity

[23] Subresource Integrity http://www.w3.org/TR/2015/WD-SRI-20151006/

[24] Merge pull request #4 from fmarier/simplify-eligibility-alg · w3c/webappsec-subresource-integrity@f98f344 https://github.com/w3c/webappsec-subresource-integrity/commit/f98f344856977a106f2660d4e75c697102f7c057

[25] Subresource Integrity http://www.w3.org/TR/2015/CR-SRI-20151112/

[26] Re: [SRI] Unmentioned use case: caching (by Joel Weinberger) https://lists.w3.org/Archives/Public/public-webappsec/2015Dec/0042.html

[27] Subresource Integrity - GitHub Engineering http://githubengineering.com/subresource-integrity/

[28] [CSP] "sri" source expression to enforce SRI (by Patrick Toomey) https://lists.w3.org/Archives/Public/public-webappsec/2015Dec/0045.html

[29] Convert to Bikeshed. Should be all formatting changes, which includes… · w3c/webappsec-subresource-integrity@4b6816d https://github.com/w3c/webappsec-subresource-integrity/commit/4b6816d922587922a2b89854b384a89db6e5fd8b

[30] Allow hashes to match external scripts · w3c/webappsec-csp@a299d38 https://github.com/w3c/webappsec-csp/commit/a299d38d1b54e3d9612d11fb69cc8174b5e44051

[31] Subresource Integrity https://www.w3.org/TR/2016/PR-SRI-20160510/

[32] reference `require-sri-for` in SRI specification (#93) (by shekyan) https://github.com/w3c/webappsec-csp/commit/7b8762c599a5f7fa53d15df4629e763f6ed53c60

[33] Subresource Integrity https://www.w3.org/TR/2016/REC-SRI-20160623/

[34] Subresource Integrity https://www.w3.org/TR/2016/REC-SRI-20160623/

[35] Subresource Integrity https://w3c.github.io/webappsec-subresource-integrity/

[37] w3c/webappsec-subresource-integrity: WebAppSec Subresource Integrity https://github.com/w3c/webappsec-subresource-integrity

[38] GitHub implements Subresource Integrity https://github.com/blog/2058-github-implements-subresource-integrity

[39] Subresource Integrity Addressable Caching https://hillbrad.github.io/sri-addressable-caching/sri-addressable-caching.html

[40] Clarifying SRI integration. (by mikewest) https://github.com/w3c/webappsec-csp/commit/68aecb5003b0081afcc4f70524b81f8b381aa97c

[41] Upstream SRI's 'integrity' attribute (by mikewest) https://github.com/whatwg/html/commit/4c5066c171610e0c8300a58baf4f94816044cedc

[42] Disallow the integrity attribute for inline scripts (by zcorpan) https://github.com/whatwg/html/commit/7a405842a176c30a5d46c3520a1c8827b5483961

[55] Be clearer about the "parse metadata" algorithm. (by jyasskin) https://github.com/w3c/webappsec-subresource-integrity/commit/78e3b73832b87ca83f562cf8dd6f1ae2f5aa196e

[56] Subresource Integrity Addressable Caching https://hillbrad.github.io/sri-addressable-caching/sri-addressable-caching.html

[57] Add signature-based explainer. (by mikewest) https://github.com/w3c/webappsec-subresource-integrity/commit/f6b778b6c9f90857b99ebcca34efb55247218b5f

[58] Proposal: Signatures in SRI. (by Mike West) https://lists.w3.org/Archives/Public/public-webappsec/2017Jun/0000.html

[59] Using integrity with "no-cors" is fine same-origin (by annevk) https://github.com/whatwg/fetch/commit/686a1ad9e1c5a001531ebabb1bcd163dfe78edd8

[60] TypeError on Request.integrity with no-cors mode is a foot gun · Issue #583 · whatwg/fetch https://github.com/whatwg/fetch/issues/583

[61] Using integrity with "no-cors" is fine same-origin by annevk · Pull Request #584 · whatwg/fetch https://github.com/whatwg/fetch/pull/584

[62] Add integrity="" for module scripts, and integrate dynamic import() by domenic · Pull Request #3044 · whatwg/html https://github.com/whatwg/html/pull/3044

[63] Make integrity="" work on module scripts (by domenic) https://github.com/whatwg/html/commit/9275d955dcd604e959cfcc672e0c234b1b8c00db

[64] Make integrity="" work on module scripts (by domenic) https://github.com/whatwg/html/commit/9275d955dcd604e959cfcc672e0c234b1b8c00db

[66] Does integrity="" intentionally not work on module <script>s? · Issue #2382 · whatwg/html https://github.com/whatwg/html/issues/2382

[67] Add integrity="" for module scripts, and integrate dynamic import() by domenic · Pull Request #3044 · whatwg/html https://github.com/whatwg/html/pull/3044

[68] Signature-based SRI and CDNs (by Mark Nottingham) https://lists.w3.org/Archives/Public/public-webappsec/2017Nov/0014.html

[69] Re: SRI and signatures (by Daniel Vogelheim) https://lists.w3.org/Archives/Public/public-webappsec/2017Dec/0012.html

[70] Add <link> rel="modulepreload" by domenic · Pull Request #2383 · whatwg/html https://github.com/whatwg/html/pull/2383

[71] New WebKit Features in Safari 11.1 | WebKit https://webkit.org/blog/8216/new-webkit-features-in-safari-11-1/

[72] New WebKit Features in Safari 11.1 | WebKit https://webkit.org/blog/8216/new-webkit-features-in-safari-11-1/

[73] Added note explaining difference between SRI and CSP hashes (#344) (by andypaicu) https://github.com/w3c/webappsec-csp/commit/24ca8417f5d1326d1c589833ba0e9e39678f4ed0

[74] Adding note explaining difference between SRI and CSP hashes by andypaicu · Pull Request #344 · w3c/webappsec-csp https://github.com/w3c/webappsec-csp/pull/344

[75] "Whitelisting external JavaScript with hashes" incorrectly assumes encoding of sources · Issue #110 · w3c/webappsec-csp https://github.com/w3c/webappsec-csp/issues/110

[76] Revert `require-sri-for` (#82) (by mozfreddyb) https://github.com/w3c/webappsec-subresource-integrity/commit/4716b7278b553c9d5bf10ee56e00570a737ee896

[77] Revert `require-sri-for` by mozfreddyb · Pull Request #82 · w3c/webappsec-subresource-integrity https://github.com/w3c/webappsec-subresource-integrity/pull/82

[78] SRI spec Maintenance (by Frederik Braun) https://lists.w3.org/Archives/Public/public-webappsec/2019Jul/0002.html