
Syntax presentation (was Re: Unofficial Draft of Content Security Policy)

From: Adam Barth <w3c@adambarth.com>
Date: Thu, 3 Mar 2011 13:33:05 -0800
Message-ID: <AANLkTi=8+5DX4aE5ebkfcJEofYeD-1JYmk0K7rDPxopJ@mail.gmail.com>
To: Brandon Sterne <bsterne@mozilla.com>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>

Yay!  Thanks Brandon.

Would it be possible to change the presentation of the syntax in two ways:

1) Can we switch to the more usual ABNF used by most modern specs.
For example, as in
<http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-12#section-3.2>
?

2) Can we separate the grammar into two pieces: (A) the general syntax
of the Content-Security-Policy header field and (B) the syntax of the
particular directives.

w.r.t. (2), I'd like to implement parsing in two phases.  First, the
top-level phase that extracts the list of directive-name /
directive-value pairs, and a second that processes the individual
directive-values according to the rules for the directive-name.  For
example, here's a possible grammar for a CSP policy:

policy          = directive-list
directive-list  = directive *( ";" directive )
directive       = *LWS directive-name [ LWS directive-value ]
directive-name  = 1*<OCTET, except LWS and ";">
directive-value = *<OCTET, except ";">

(Of course, the above might not be correct---it's just an example.)

This approach follows how, for example, HTTP header fields work.
There's a general grammar for HTTP header fields in general, and then
a more specific grammar for particular header fields.

Thanks,
Adam


On Thu, Mar 3, 2011 at 10:17 AM, Brandon Sterne <bsterne@mozilla.com> wrote:
> Hello all,
>
> Apologies for the delays in getting this published.  You can find the
> first Unofficial Draft of the Content Security Policy specification here:
> https://dvcs.w3.org/hg/content-security-policy/raw-file/bcf1c45f312f/csp-unofficial-draft-20110303.html
>
> I hope you will find the new format well-organized and reflective of our
> discussion so far.  While this document will likely remain in Unofficial
> Draft status until we get our charter reviewed and accepted, in the
> meantime it should provide a good basis for further discussions.  I
> look forward to receiving your feedback.
>
> Best,
> Brandon
>
>
Received on Thursday, 3 March 2011 21:34:10 GMT
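
The two-phase parsing described in the message above, sketched in JavaScript as an added example (not code from the original post or from any CSP implementation). The treatment of LWS, the skipping of empty directives, and the whitespace-split value parsers registered for `script-src`, `img-src` and `report-uri` are assumptions made for illustration.

```javascript
// LWS approximated as SP / HT / CR / LF (assumption).
const LWS = " \t\r\n";

// Phase 1: policy -> list of [directive-name, directive-value] pairs.
// This phase knows nothing about any individual directive.
function parseDirectiveList(policy) {
  const pairs = [];
  for (const raw of policy.split(";")) {
    let i = 0;
    while (i < raw.length && LWS.includes(raw[i])) i++;   // *LWS
    let j = i;
    while (j < raw.length && !LWS.includes(raw[j])) j++;  // directive-name
    if (j === i) continue; // name needs 1* octets; empty directives skipped (assumption)
    let k = j;
    while (k < raw.length && LWS.includes(raw[k])) k++;   // separating LWS
    pairs.push([raw.slice(i, j), raw.slice(k)]);          // value kept verbatim
  }
  return pairs;
}

// Phase 2: per-directive value parsers, keyed by directive-name.
// These value rules are placeholders (assumption), not the draft's grammar.
const splitOnLws = (value) => value.split(/[ \t\r\n]+/).filter(Boolean);

// A Map, so names such as "constructor" or "__proto__" in a header
// cannot resolve to inherited Object.prototype properties.
const VALUE_PARSERS = new Map([
  ["script-src", splitOnLws],
  ["img-src", splitOnLws],
  ["report-uri", splitOnLws],
]);

function parsePolicy(policy) {
  return parseDirectiveList(policy).map(([name, value]) => {
    const parser = VALUE_PARSERS.get(name);
    return parser
      ? { name, known: true, value: parser(value) }
      : { name, known: false, value }; // unknown directive: kept, not interpreted
  });
}

// Constructed sample policy (not from the page): an empty directive,
// an unrecognized directive, and a directive with no value.
const SAMPLE = "script-src 'self' https://cdn.example ; ;  x-future a=b,c; img-src";
```

Because phase 1 never inspects values, an unrecognized or malformed directive cannot disturb how its neighbours are extracted.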
