Explainer

https://mikewest.github.io/inline-integrity/#intro

The explainer

• Includes the information requested by the Explainer Explainer.
• Follows the Web Platform Design Principles.
• Includes or links to answers to the Security/Privacy Questionnaire.
• Describes user research you did to validate the problem and/or design.

Where and by whom is the work is being done?

• GitHub repo: https://github.com/mikewest/inline-integrity
• Primary contacts:
  • Mike West, @mikewest, Google
• Organization/project driving the design: Chrome
• This work is being funded by: Google
• Incubation and standards groups that have discussed the design:
  • WebAppSec (2025-03-19 minutes)
• Standards group(s) that you expect to discuss and/or adopt this work when it's ready: WebAppSec for SRI patches, WHATWG for HTML patches.

Feedback so far

• Multi-stakeholder feedback:
  • Chromium comments:
  • Mozilla comments: https://github.com/mozilla/standards-positions/issues/1283
  • WebKit comments: https://github.com/WebKit/standards-positions/issues/540

You should also know that...

This is a counterpart to the subresource-signature proposal y'all reviewed in https://github.com/w3ctag/design-reviews/issues/1041.

It grew out of a discussion starting around https://github.com/WICG/signature-based-sri/issues/10#issuecomment-2591268614, describing developers' use cases that were difficult to handle via SRI as it currently exists.

<!-- Content below this is maintained by @w3c-tag-bot -->

---

Track conversations at https://tag-github-bot.w3.org/gh/w3ctag/design-reviews/1135