Description
Now that we have processing models defined for all the <link> types, which are clear about which attributes are used, it might be a good idea to add conformance requirements on:
crossorigin=""integrity=""referrerpolicy=""fetchpriority=""
From what I can tell, these all apply if and only if the type is one of: manifest, icon, modulepreload, stylesheet, prefetch, or preload, except crossorigin="" can also apply to preconnect.
Right now we have weak or incorrect conformance requirements:
The crossorigin attribute is a CORS settings attribute. It is intended for use with external resource links.
The integrity attribute [...] must only be specified on link elements that have a rel attribute that contains the stylesheet, preload, or modulepreload keyword.
The referrerpolicy attribute is a referrer policy attribute. It is intended for use with external resource links.
I think we should probably do something like: define "fetched external resource links" as manifest, icon, modulepreload, stylesheet, prefetch, or preload, and change all of these to require that they are used only on "fetched external resource links", or in the case of crossorigin="", fetched external resource links + preconnect.
/cc @noamr