W3C home > Mailing lists > Public > public-web-security@w3.org > March 2011

Re: Syntax presentation (was Re: Unofficial Draft of Content Security Policy)

From: Brandon Sterne <bsterne@mozilla.com>
Date: Tue, 08 Mar 2011 14:50:47 -0800
Message-ID: <4D76B2C7.8090408@mozilla.com>
To: Adam Barth <w3c@adambarth.com>
CC: "public-web-security@w3.org" <public-web-security@w3.org>
On 03/03/2011 01:33 PM, Adam Barth wrote:
> 1) Can we switch to the more usually ABNF used by most modern spec.
> For
> example, here's a possible grammar for a CSP policy:
> 
> policy          = directive-list
> directive-list  = directive *( ";" directive )
> directive       = *LWS directive-name [ LWS directive-value ]
> directive-name  = 1*<OCTET, except LWS and ";">
> directive-value = *<OCTET, except ";">
> 
> (Of course, the above might not be correct---it's just an example.)

Hey Adam,

Your ABNF example defines directive names and values by sequences of
allowed characters, while the Mozilla grammar enumerates the list of
"good directives" and makes room for "future directives" using character
sequences.

I'm trying to weigh the advantages of one system over the other.  I
imagine that the chief advantage of your syntax is that the grammar
doesn't have to stay in sync with the directives section as we add new
directives; it's always correct.  On the other hand, it's kind of nice
to have the enumerated list of valid directives in one place.  I'm happy
to go either way, but I'd like to give this group the opportunity to
state a preference.

Cheers,
Brandon
Received on Tuesday, 8 March 2011 22:49:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 March 2011 22:49:40 GMT