mirror of https://github.com/Y2Z/monolith
Merge pull request #124 from snshn/adr-integrity
Propose ADR 0004: Asset integrity checkpull/179/head
commit
d848179a43
@ -0,0 +1,28 @@
|
||||
# 4. Asset integrity check
|
||||
|
||||
Date: 2020-02-23
|
||||
|
||||
## Status
|
||||
|
||||
Proposed
|
||||
|
||||
## Context
|
||||
|
||||
In HTML5, `link` and `script` nodes have an attribute named
|
||||
`integrity`, which lets the browser check if the remote file is
|
||||
valid, mostly for the purpose of enhancing page security.
|
||||
|
||||
## Decision
|
||||
|
||||
In order to replicate browsers' behavior, the program should
|
||||
perform integrity check the same way browsers do, excluding the
|
||||
linked asset from the final result if such check fails.
|
||||
|
||||
The `integrity` attribute should be removed from nodes,
|
||||
as it bears no benefit for resources embedded as data URLs.
|
||||
|
||||
## Consequences
|
||||
|
||||
Assets that fail to pass the check get excluded from the saved document.
|
||||
|
||||
Saved documents no longer contain integrity attributes on all `link` and `script` nodes.
|
Loading…
Reference in New Issue