Merge pull request #124 from snshn/adr-integrity

Propose ADR 0004: Asset integrity check
2020-05-24 06:24:26 -04:00 · 2020-05-24 06:24:26 -04:00 · d848179a43
commit d848179a43
parent 399f515eeb 8fbae735fa
1 changed files with 28 additions and 0 deletions
--- a/docs/arch/0004-asset-integrity-check.md
+++ b/docs/arch/0004-asset-integrity-check.md
@ -0,0 +1,28 @@
+# 4. Asset integrity check
+
+Date: 2020-02-23
+
+## Status
+
+Proposed
+
+## Context
+
+In HTML5, `link` and `script` nodes have an attribute named
+`integrity`, which lets the browser check if the remote file is
+valid, mostly for the purpose of enhancing page security.
+
+## Decision
+
+In order to replicate browsers' behavior, the program should
+perform integrity check the same way browsers do, excluding the
+linked asset from the final result if such check fails.
+
+The `integrity` attribute should be removed from nodes,
+as it bears no benefit for resources embedded as data URLs.
+
+## Consequences
+
+Assets that fail to pass the check get excluded from the saved document.
+
+Saved documents no longer contain integrity attributes on all `link` and `script` nodes.