From c217195b6dc36ee8ee989e38b7e177a58f5819e9 Mon Sep 17 00:00:00 2001 From: "Daniel D. Beck" Date: Tue, 7 Apr 2026 15:35:43 +0200 Subject: [PATCH 1/2] Add subresource integrity (SRI) feature --- features/fetch.yml | 1 - features/fetch.yml.dist | 13 -------- features/link.yml | 2 -- features/link.yml.dist | 14 -------- features/script.yml | 2 -- features/script.yml.dist | 14 -------- features/subresource-integrity.yml | 9 ++++++ features/subresource-integrity.yml.dist | 43 +++++++++++++++++++++++++ 8 files changed, 52 insertions(+), 46 deletions(-) create mode 100644 features/subresource-integrity.yml create mode 100644 features/subresource-integrity.yml.dist diff --git a/features/fetch.yml b/features/fetch.yml index 87b56cf9a67..696b8a0adf5 100644 --- a/features/fetch.yml +++ b/features/fetch.yml @@ -39,7 +39,6 @@ compat_features: - api.Request.credentials.default_same-origin - api.Request.destination - api.Request.duplex - - api.Request.integrity - api.Request.isHistoryNavigation - api.Request.headers - api.Request.json diff --git a/features/fetch.yml.dist b/features/fetch.yml.dist index 5c4cb2793f8..628d062f214 100644 --- a/features/fetch.yml.dist +++ b/features/fetch.yml.dist @@ -89,19 +89,6 @@ compat_features: # safari_ios: "10.3" - api.Request.redirect - # baseline: high - # baseline_low_date: 2017-03-27 - # baseline_high_date: 2019-09-27 - # support: - # chrome: "46" - # chrome_android: "46" - # edge: "14" - # firefox: "51" - # firefox_android: "51" - # safari: "10.1" - # safari_ios: "10.3" - - api.Request.integrity - # baseline: high # baseline_low_date: 2017-03-27 # baseline_high_date: 2019-09-27 diff --git a/features/link.yml b/features/link.yml index 5641c9f2941..2bb74130355 100644 --- a/features/link.yml +++ b/features/link.yml @@ -11,7 +11,6 @@ compat_features: - api.HTMLLinkElement.disabled - api.HTMLLinkElement.href - api.HTMLLinkElement.hreflang - - api.HTMLLinkElement.integrity - api.HTMLLinkElement.media - api.HTMLLinkElement.rel - api.HTMLLinkElement.relList @@ -23,7 +22,6 @@ compat_features: - html.elements.link.disabled - html.elements.link.href - html.elements.link.hreflang - - html.elements.link.integrity - html.elements.link.media - html.elements.link.rel - html.elements.link.sizes diff --git a/features/link.yml.dist b/features/link.yml.dist index f303f9e54b1..11f619b2488 100644 --- a/features/link.yml.dist +++ b/features/link.yml.dist @@ -67,20 +67,6 @@ compat_features: - api.HTMLLinkElement.crossOrigin - html.elements.link.crossorigin - # baseline: high - # baseline_low_date: 2018-04-30 - # baseline_high_date: 2020-10-30 - # support: - # chrome: "45" - # chrome_android: "45" - # edge: "17" - # firefox: "43" - # firefox_android: "43" - # safari: "11.1" - # safari_ios: "11.3" - - api.HTMLLinkElement.integrity - - html.elements.link.integrity - # baseline: high # baseline_low_date: 2018-04-30 # baseline_high_date: 2020-10-30 diff --git a/features/script.yml b/features/script.yml index b3b707eefdd..0b1f9aba264 100644 --- a/features/script.yml +++ b/features/script.yml @@ -9,7 +9,6 @@ compat_features: - api.HTMLScriptElement.async - api.HTMLScriptElement.crossOrigin - api.HTMLScriptElement.defer - - api.HTMLScriptElement.integrity - api.HTMLScriptElement.src - api.HTMLScriptElement.supports_static - api.HTMLScriptElement.text @@ -18,7 +17,6 @@ compat_features: - html.elements.script.async - html.elements.script.crossorigin - html.elements.script.defer - - html.elements.script.integrity - html.elements.script.src - html.elements.script.type - html.elements.noscript diff --git a/features/script.yml.dist b/features/script.yml.dist index 620d31dd257..966ce6d996f 100644 --- a/features/script.yml.dist +++ b/features/script.yml.dist @@ -125,20 +125,6 @@ compat_features: - api.HTMLScriptElement.crossOrigin - html.elements.script.crossorigin - # baseline: high - # baseline_low_date: 2018-04-30 - # baseline_high_date: 2020-10-30 - # support: - # chrome: "45" - # chrome_android: "45" - # edge: "17" - # firefox: "43" - # firefox_android: "43" - # safari: "11.1" - # safari_ios: "11.3" - - api.HTMLScriptElement.integrity - - html.elements.script.integrity - # baseline: high # baseline_low_date: 2022-09-12 # baseline_high_date: 2025-03-12 diff --git a/features/subresource-integrity.yml b/features/subresource-integrity.yml new file mode 100644 index 00000000000..b1b61a99955 --- /dev/null +++ b/features/subresource-integrity.yml @@ -0,0 +1,9 @@ +name: Subresource integrity +description: Subresource integrity verifies that a resource, such as script served from a content delivery network, matches a known cryptographic hash. Also known as SRI. +spec: https://w3c.github.io/webappsec-subresource-integrity/ +caniuse: subresource-integrity +compat_features: + - api.Request.integrity + - html.elements.link.integrity + - api.HTMLScriptElement.integrity + - html.elements.script.integrity diff --git a/features/subresource-integrity.yml.dist b/features/subresource-integrity.yml.dist new file mode 100644 index 00000000000..a8a520eba7e --- /dev/null +++ b/features/subresource-integrity.yml.dist @@ -0,0 +1,43 @@ +# Generated from: subresource-integrity.yml +# Do not edit this file by hand. Edit the source file instead! + +status: + baseline: high + baseline_low_date: 2018-04-30 + baseline_high_date: 2020-10-30 + support: + chrome: "46" + chrome_android: "46" + edge: "17" + firefox: "51" + firefox_android: "51" + safari: "11.1" + safari_ios: "11.3" +compat_features: + # baseline: high + # baseline_low_date: 2017-03-27 + # baseline_high_date: 2019-09-27 + # support: + # chrome: "46" + # chrome_android: "46" + # edge: "14" + # firefox: "51" + # firefox_android: "51" + # safari: "10.1" + # safari_ios: "10.3" + - api.Request.integrity + + # baseline: high + # baseline_low_date: 2018-04-30 + # baseline_high_date: 2020-10-30 + # support: + # chrome: "45" + # chrome_android: "45" + # edge: "17" + # firefox: "43" + # firefox_android: "43" + # safari: "11.1" + # safari_ios: "11.3" + - api.HTMLScriptElement.integrity + - html.elements.link.integrity + - html.elements.script.integrity From d5126ec46bd2a57dc315695e9e657e075a46b242 Mon Sep 17 00:00:00 2001 From: "Daniel D. Beck" Date: Tue, 7 Apr 2026 15:43:30 +0200 Subject: [PATCH 2/2] Add resource integrity group --- features/signature-based-resource-integrity.yml | 1 + features/subresource-integrity.yml | 1 + groups/integrity.yml | 1 + 3 files changed, 3 insertions(+) create mode 100644 groups/integrity.yml diff --git a/features/signature-based-resource-integrity.yml b/features/signature-based-resource-integrity.yml index 77a9abf8e57..f69a53cdec2 100644 --- a/features/signature-based-resource-integrity.yml +++ b/features/signature-based-resource-integrity.yml @@ -1,6 +1,7 @@ name: Signature-based resource integrity description: Signature-based resource integrity verifies a script's provenance by checking that the resource has been signed with a trusted key given by the `