- From: Brandon Sterne <bsterne@mozilla.com>
- Date: Tue, 08 Mar 2011 15:20:54 -0800
- To: Adam Barth <w3c@adambarth.com>
- CC: "public-web-security@w3.org" <public-web-security@w3.org>
On 03/08/2011 02:50 PM, Brandon Sterne wrote: > On 03/03/2011 01:33 PM, Adam Barth wrote: >> For >> example, here's a possible grammar for a CSP policy: >> >> policy = directive-list >> directive-list = directive *( ";" directive ) >> directive = *LWS directive-name [ LWS directive-value ] >> directive-name = 1*<OCTET, except LWS and ";"> >> directive-value = *<OCTET, except ";"> >> >> (Of course, the above might not be correct---it's just an example.) > > Hey Adam, > > Your ABNF example defines directive names and values by sequences of > allowed characters, while the Mozilla grammar enumerates the list of > "good directives" and makes room for "future directives" using character > sequences. I neglected to quote the following sentence from your message, which is important: > This approach follows how, for example, HTTP header fields work. > There's a general grammar for HTTP header fields in general, and then > a more specific grammar for particular header fields. The "more specific grammar" for the individual directives is where the enumeration of known directives will presumably take place. I withdraw my previous question and ask this one instead :-) How does one link directive-name in your grammar to, say, the grammar for the script-src directive? In the current revision, you can make the substitution <directive> --> <src-directive> --> "script-src". How would this same transition be made between generic and specific directive syntaxes using ABNF? Hope my question is clear. Thanks, Brandon
Received on Tuesday, 8 March 2011 23:19:45 UTC