[whatwg] validate attribute in <A>

Ian Hickson ian at hixie.ch
Mon Nov 5 18:52:55 PST 2007

On Mon, 5 Nov 2007, Jon Barnett wrote:
> On 11/5/07, Ian Hickson <ian at hixie.ch> wrote:
> >
> > Philip brought up a good point on IRC which is that hashing the entity
> > doesn't protect against changes to the headers (and hashing the headers
> > isn't workable since they change).
> If it were to be crammed into HTML, it would be nice if it were done 
> like this: <a href="..." type="application/octet-stream; md5=xxx">

That doesn't really address the problem of unexpected hostile HTTP 
headers, though (like Set-Cookie or Location with a 301 response code).

It was also later pointed out that this idea would also make incremental 
rendering more difficult to achieve.

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

More information about the whatwg mailing list