integrity

integrity 属性 (HTML)

仕様書

意味

[44] 要素によって行われる要求一貫性メタデータを表します。 >>43, >>49

構文

[46] 属性値は、テキストです >>43, >>49

文脈

[51] link 要素script 要素に指定できます。

[45] link 要素にあっては、 rel 属性stylesheet が指定されていない限り、 指定してはなりません >>43

[47] それ以外では、指定しても無視されます。

[52] script 要素にあっては、 データブロックモジュールスクリプトを表す時、 あるいは src 属性がない時、 指定してはなりません >>49

[53] integrity は、古典スクリプトモジュールスクリプトに適用されます。 データブロックに指定しても、無視されます。

[65] スクリプトfetchオプション群は、 一貫性メタデータ (integrity metadata) を持ちます HTML Standardスクリプトの作成時に設定され、 スクリプトのfetchで参照されます。

処理

[48] obtain the resource で参照されます。

[54] script 要素の処理で参照されます。

IDL 属性

[50] HTMLLinkElement インターフェイスintegrity IDL属性は、 integrity 内容属性文字列として反映するものです >>43

歴史

[11] Link Hashes - WHATWG Wiki ( 版) <https://wiki.whatwg.org/wiki/Link_Hashes>

[1] Subresource Integrity ( ( 版)) <http://www.w3.org/TR/2014/WD-SRI-20140318/>

[2] Subresource Integrity ( ( 版)) <http://w3c.github.io/webappsec/specs/subresourceintegrity/>

[3] IRC logs: freenode / #whatwg / 20140613 ( ( 版)) <http://krijnhoetmer.nl/irc-logs/whatwg/20140613#l-229>

[4] Subresource Integrity ( ( 版)) <http://w3c.github.io/webappsec/specs/subresourceintegrity/>

[5] Fix old digest attribute · 80721db · w3c/webappsec ( 版) <https://github.com/w3c/webappsec/commit/80721db13315f38d9a46dbd824fc2939619d50f0>

[6] 1100206 – Teach the parser about the integrity attribute ( 版) <https://bugzilla.mozilla.org/show_bug.cgi?id=1100206>

[7] Changed integrity productions to reflect per-hash-expression options and... · w3c/webappsec@54e31a1 ( 版) <https://github.com/w3c/webappsec/commit/54e31a12846eff424a018ce9d2078cfec798a888>

[8] Got rid of MIME type references, other than note that they may be added ... · w3c/webappsec@beec679 ( 版) <https://github.com/w3c/webappsec/commit/beec679207dbdd02231d6f7090833ecb2e1690cc>

[9] Modified metadata algorithm to generate a set of strong hashes. · w3c/webappsec@7b00748 ( 版) <https://github.com/w3c/webappsec/commit/7b00748ea09ca291215c8802a296ccda6c226d43>

[10] Subresource Integrity ( 版) <http://www.w3.org/TR/2015/WD-SRI-20150409/>

[12] Subresource Integrity ( 版) <http://www.w3.org/TR/2015/WD-SRI-20150505/>

[13] [SRI] Requiring CORS for SRI (Tanvi Vyas 著, 版) <https://lists.w3.org/Archives/Public/public-webappsec/2015May/0023.html>

[14] Issue 1186883003: Ship Subresource Integrity - Code Review ( 版) <https://codereview.chromium.org/1186883003/>

[15] SRI: Shipped on tip-of-tree Chromium (Joel Weinberger 著, 版) <https://lists.w3.org/Archives/Public/public-webappsec/2015Jun/0053.html>

[16] Subresource Integrity ( 版) <http://www.w3.org/TR/2015/WD-SRI-20150707/>

[17] Support integrity. Fixes #85. · whatwg/fetch@12a1a6c ( 版) <https://github.com/whatwg/fetch/commit/12a1a6cc539262fb5e58717047b0fcb70b38ae26>

[18] Bug 148363 – Implement Subresource Integrity (SRI) ( 版) <https://bugs.webkit.org/show_bug.cgi?id=148363>

[19] Subresource Integrity ( 版) <http://www.w3.org/TR/2015/WD-SRI-20150916/>

[20] IRC logs: freenode / #whatwg / 20150928 ( 版) <http://krijnhoetmer.nl/irc-logs/whatwg/20150928>

# [10:44] <mkwst> terinjokes: SRI only applies to those elements because the current spec is basically a test to check that we can actually verify integrity on the wild and crazy internet.

# [10:44] <mkwst> terinjokes: Basically, they decided to do the simplest thing possible, make sure it works, and then expand it based on that experience.

# [10:45] <mkwst> terinjokes: Tacking `integrity` attributes onto other elements as necessary is an obvious next step.

[21] Subresource Integrity ( 版) <https://w3c.github.io/webappsec-subresource-integrity/>

[22] w3c/webappsec-subresource-integrity ( 版) <https://github.com/w3c/webappsec-subresource-integrity>

[23] Subresource Integrity ( 版) <http://www.w3.org/TR/2015/WD-SRI-20151006/>

[24] Merge pull request #4 from fmarier/simplify-eligibility-alg · w3c/webappsec-subresource-integrity@f98f344 ( 版) <https://github.com/w3c/webappsec-subresource-integrity/commit/f98f344856977a106f2660d4e75c697102f7c057>

[25] Subresource Integrity ( ( 版)) <http://www.w3.org/TR/2015/CR-SRI-20151112/>

[26] Re: [SRI] Unmentioned use case: caching (Joel Weinberger 著, 版) <https://lists.w3.org/Archives/Public/public-webappsec/2015Dec/0042.html>

[27] Subresource Integrity - GitHub Engineering ( 版) <http://githubengineering.com/subresource-integrity/>

[28] [CSP] "sri" source expression to enforce SRI (Patrick Toomey 著, 版) <https://lists.w3.org/Archives/Public/public-webappsec/2015Dec/0045.html>

[29] Convert to Bikeshed. Should be all formatting changes, which includes… · w3c/webappsec-subresource-integrity@4b6816d ( 版) <https://github.com/w3c/webappsec-subresource-integrity/commit/4b6816d922587922a2b89854b384a89db6e5fd8b>

[30] Allow hashes to match external scripts · w3c/webappsec-csp@a299d38 ( 版) <https://github.com/w3c/webappsec-csp/commit/a299d38d1b54e3d9612d11fb69cc8174b5e44051>

[31] Subresource Integrity ( ()) <https://www.w3.org/TR/2016/PR-SRI-20160510/>

[32] reference `require-sri-for` in SRI specification (#93) ( (shekyan著, )) <https://github.com/w3c/webappsec-csp/commit/7b8762c599a5f7fa53d15df4629e763f6ed53c60>

[33] Subresource Integrity () <https://www.w3.org/TR/2016/REC-SRI-20160623/>

[34] Subresource Integrity () <https://www.w3.org/TR/2016/REC-SRI-20160623/>

[35] Subresource Integrity () <https://w3c.github.io/webappsec-subresource-integrity/>

[37] w3c/webappsec-subresource-integrity: WebAppSec Subresource Integrity () <https://github.com/w3c/webappsec-subresource-integrity>

[38] GitHub implements Subresource Integrity () <https://github.com/blog/2058-github-implements-subresource-integrity>

[39] Subresource Integrity Addressable Caching () <https://hillbrad.github.io/sri-addressable-caching/sri-addressable-caching.html>

[40] Clarifying SRI integration. (mikewest著, ) <https://github.com/w3c/webappsec-csp/commit/68aecb5003b0081afcc4f70524b81f8b381aa97c>

[41] Upstream SRI's 'integrity' attribute (mikewest著, ) <https://github.com/whatwg/html/commit/4c5066c171610e0c8300a58baf4f94816044cedc>

[42] Disallow the integrity attribute for inline scripts (zcorpan著, ) <https://github.com/whatwg/html/commit/7a405842a176c30a5d46c3520a1c8827b5483961>

[55] Be clearer about the "parse metadata" algorithm. (jyasskin著, ) <https://github.com/w3c/webappsec-subresource-integrity/commit/78e3b73832b87ca83f562cf8dd6f1ae2f5aa196e>

[56] Subresource Integrity Addressable Caching () <https://hillbrad.github.io/sri-addressable-caching/sri-addressable-caching.html>

[57] Add signature-based explainer. (mikewest著, ) <https://github.com/w3c/webappsec-subresource-integrity/commit/f6b778b6c9f90857b99ebcca34efb55247218b5f>

[58] Proposal: Signatures in SRI. (Mike West著, ) <https://lists.w3.org/Archives/Public/public-webappsec/2017Jun/0000.html>

[59] Using integrity with "no-cors" is fine same-origin (annevk著, ) <https://github.com/whatwg/fetch/commit/686a1ad9e1c5a001531ebabb1bcd163dfe78edd8>

[60] TypeError on Request.integrity with no-cors mode is a foot gun · Issue #583 · whatwg/fetch () <https://github.com/whatwg/fetch/issues/583>

[61] Using integrity with "no-cors" is fine same-origin by annevk · Pull Request #584 · whatwg/fetch () <https://github.com/whatwg/fetch/pull/584>

[62] Add integrity="" for module scripts, and integrate dynamic import() by domenic · Pull Request #3044 · whatwg/html () <https://github.com/whatwg/html/pull/3044>

[63] Make integrity="" work on module scripts (domenic著, ) <https://github.com/whatwg/html/commit/9275d955dcd604e959cfcc672e0c234b1b8c00db>

[64] Make integrity="" work on module scripts (domenic著, ) <https://github.com/whatwg/html/commit/9275d955dcd604e959cfcc672e0c234b1b8c00db>

[66] Does integrity="" intentionally not work on module <script>s? · Issue #2382 · whatwg/html () <https://github.com/whatwg/html/issues/2382>

[67] Add integrity="" for module scripts, and integrate dynamic import() by domenic · Pull Request #3044 · whatwg/html () <https://github.com/whatwg/html/pull/3044>

[68] Signature-based SRI and CDNs (Mark Nottingham著, ) <https://lists.w3.org/Archives/Public/public-webappsec/2017Nov/0014.html>

[69] Re: SRI and signatures (Daniel Vogelheim著, ) <https://lists.w3.org/Archives/Public/public-webappsec/2017Dec/0012.html>

[70] Add <link> rel="modulepreload" by domenic · Pull Request #2383 · whatwg/html () <https://github.com/whatwg/html/pull/2383>

[71] New WebKit Features in Safari 11.1 | WebKit () <https://webkit.org/blog/8216/new-webkit-features-in-safari-11-1/>

[72] New WebKit Features in Safari 11.1 | WebKit () <https://webkit.org/blog/8216/new-webkit-features-in-safari-11-1/>