SRI examples are incomplete #43302
Closed
Labels: Content:Security (Security docs), Content:WebAPI (Web API docs), needs triage
MDN URL
https://developer.mozilla.org/en-US/docs/Web/Security/Defenses/Subresource_Integrity
What specific section or headline is this issue about?
Using Subresource Integrity
What information was incorrect, unhelpful, or incomplete?
The standard describes multiple integrity values, but the current node doesn't mention which delimiter is used.
What did you expect to see?
It's a space; see also https://www.w3.org/TR/sri/#agility
I'd love to have all examples include multiple hashes. According to the standard, the browser should choose a hash or hash-function. Therefore, a server should probably offer ALL digest functions.
Furthermore, you'd love to add an example of the same digest function being used twice. Since you can add the same twice, in case you respond differently depending on request headers.
Do you have any supporting links, references, or citations?
https://www.w3.org/TR/sri/#agility
Do you have anything more you want to share?
Affected pages:
https://developer.mozilla.org/en-US/docs/Web/Security/Defenses/Subresource_Integrity
https://developer.mozilla.org/en-US/docs/Web/API/HTMLScriptElement/integrity
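The space-delimited, multi-hash `integrity` value this issue asks about, as an added Node.js example that is not part of the original issue or of MDN's pages. The function names and the two sample scripts are constructed for illustration; `verify` models the selection rule from the SRI specification's agility section and is not browser code.

```javascript
// Added example: models SRI hash agility; names and sample data are hypothetical.
const { createHash } = require("node:crypto");

// Algorithms SRI defines, ordered weakest to strongest.
const STRENGTH = ["sha256", "sha384", "sha512"];

// One integrity token, e.g. "sha384-<base64 digest>".
function sriToken(alg, body) {
  return `${alg}-${createHash(alg).update(body).digest("base64")}`;
}

// Full attribute value: tokens are separated by whitespace (one space here).
function integrityFor(bodies, algs = STRENGTH) {
  return bodies.flatMap((b) => algs.map((a) => sriToken(a, b))).join(" ");
}

// Parse the attribute; unknown algorithms and malformed tokens are ignored.
function parseIntegrity(value) {
  return value.trim().split(/\s+/).flatMap((token) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?\S*)?$/.exec(token);
    return m ? [{ alg: m[1], digest: m[2] }] : [];
  });
}

// Only the strongest algorithm present is checked, and the resource passes
// if any digest listed for that algorithm matches.
function verify(body, integrity) {
  const entries = parseIntegrity(integrity);
  if (entries.length === 0) return true; // no usable metadata: nothing enforced
  const top = Math.max(...entries.map((e) => STRENGTH.indexOf(e.alg)));
  const alg = STRENGTH[top];
  const actual = createHash(alg).update(body).digest("base64");
  return entries.some((e) => e.alg === alg && e.digest === actual);
}

// Constructed sample resources: two variants a server might return for one URL.
const modern = "console.log('modern build');";
const legacy = "console.log('legacy build');";
```

Because only the strongest listed algorithm is evaluated, a correct weaker hash does not rescue a resource whose strongest hash is stale, so every token in the attribute has to be regenerated when the file changes.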