W3C home > Mailing lists > Public > public-web-security@w3.org > March 2011

Re: Syntax presentation (was Re: Unofficial Draft of Content Security Policy)

From: Brandon Sterne <bsterne@mozilla.com>
Date: Tue, 08 Mar 2011 15:20:54 -0800
Message-ID: <4D76B9D6.9050806@mozilla.com>
To: Adam Barth <w3c@adambarth.com>
CC: "public-web-security@w3.org" <public-web-security@w3.org>
On 03/08/2011 02:50 PM, Brandon Sterne wrote:
> On 03/03/2011 01:33 PM, Adam Barth wrote:
>> For
>> example, here's a possible grammar for a CSP policy:
>> policy          = directive-list
>> directive-list  = directive *( ";" directive )
>> directive       = *LWS directive-name [ LWS directive-value ]
>> directive-name  = 1*<OCTET, except LWS and ";">
>> directive-value = *<OCTET, except ";">
>> (Of course, the above might not be correct---it's just an example.)
> Hey Adam,
> Your ABNF example defines directive names and values by sequences of
> allowed characters, while the Mozilla grammar enumerates the list of
> "good directives" and makes room for "future directives" using character
> sequences.

I neglected to quote the following sentence from your message, which is
> This approach follows how, for example, HTTP header fields work.
> There's a general grammar for HTTP header fields in general, and then
> a more specific grammar for particular header fields.

The "more specific grammar" for the individual directives is where the
enumeration of known directives will presumably take place.  I withdraw
my previous question and ask this one instead :-)

How does one link directive-name in your grammar to, say, the grammar
for the script-src directive?

In the current revision, you can make the substitution <directive> -->
<src-directive> --> "script-src".  How would this same transition be
made between generic and specific directive syntaxes using ABNF?

Hope my question is clear.

Received on Tuesday, 8 March 2011 23:19:45 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:26:18 UTC