W3C home > Mailing lists > Public > public-web-security@w3.org > April 2011

Re: CSP directive-value question

From: Brandon Sterne <bsterne@mozilla.com>
Date: Mon, 11 Apr 2011 15:22:48 -0700
Message-ID: <4DA37F38.4080608@mozilla.com>
To: Adam Barth <w3c@adambarth.com>
CC: public-web-security@w3.org
On 3/17/11 2:17 PM, Adam Barth wrote:
> On Thu, Mar 17, 2011 at 1:57 PM, Brandon Sterne <bsterne@mozilla.com> wrote:
>> On 03/17/2011 11:47 AM, Adam Barth wrote:
>>> 2) The spec dosen't define error handling.  For example, how should
>>> the following parse:
>>>
>>> Content-Security-Policy: default-src 'self'; helloXgoodbye
>>>
>>> where X is %x07, for example?  Also, what about
>>>
>>> Content-Security-Policy: default-src 'self';  ;
>>
>> We already specify that unrecognized directives should be ignored.
>> Should we simply also specify that invalid directives (per the grammar)
>> should be ignored?
> 
> Yep, that would work.
> 
> Adam

I pushed this as:
https://dvcs.w3.org/hg/content-security-policy/rev/c1dc770df1a9

Cheers,
Brandon
Received on Monday, 11 April 2011 22:23:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 11 April 2011 22:23:20 GMT