There’s some discussion in the comments about a content addressed url scheme. href=“sha256://abcdef1234”
This would combine neatly with the ability to have more than one href property. You could specify the hash, but more than one hash would also mean you could specify a mirror or backup server.
<script src=“sha256://xyz” src=“site1.example.com/foo.js” src=“backup.example.com/foo.js”>
feels like you’re reinventing magnet links though – you don’t need a new url type for content addressed stuff.
as you’ve touched on. http is essentially a location centric protocol, rather than a content-centric one. moving to fingerprints over locations suggests that http isn’t the right way to go about it.
your suggestion is conceptually simple – it’s an easy change in the format, but possibly a hard change in the tooling (repeating src=“…” attributes would necessitate changes to the dom api too).