[whatwg] hash Attribute

Gervase Markham gerv at mozilla.org
Wed Nov 15 10:16:38 PST 2006


Michel Fortin wrote:
> I'm beginning to think that the link "fingerprint" method is best 
> solution because the hash is more portable as part of the URL. I could 
> for instance copy a fingerprinted URL right into this email:
> 
>     http://example.com/file#!md5!b3187253c1667fac7d20bb762ad53967

Indeed, that's one of the major use cases.

> and a knowledgeable browser receiving this URL would know how to check 
> the validity of the received document. The two concerns I have with it 
> is that it somewhat distorts the concept of a fragment identifier, 

It does a bit; but the fragment identifier is unused for binary 
downloads, so there's not much risk of a clash. Also, "!" is currently 
not legal in HTML ids, AIUI.

> and 
> it's generally going to be lost if there is any redirection (although a 
> browser that knows about fingerprints could keep them across redirections).

Indeed. In fact, it would be a security flaw to update the identifier on 
redirect.

Gerv




More information about the whatwg mailing list