W3C home > Mailing lists > Public > public-web-security@w3.org > March 2011

Re: Syntax presentation (was Re: Unofficial Draft of Content Security Policy)

From: =JeffH <Jeff.Hodges@KingsMountain.com>
Date: Tue, 08 Mar 2011 17:03:07 -0800
Message-ID: <4D76D1CB.7010401@KingsMountain.com>
To: W3C Web Security Interest Group <public-web-security@w3.org>
 > In the current revision, you can make the substitution <directive> -->
 > <src-directive> --> "script-src".  How would this same transition be
 > made between generic and specific directive syntaxes using ABNF?

something like this me thinks..

generic policy header grammar:

 >> policy          = directive-list
 >> directive-list  = directive *( ";" directive )
 >> directive       = *LWS directive-name [ LWS directive-value ]
 >> directive-name  = 1*<OCTET, except LWS and ";">
 >> directive-value = *<OCTET, except ";">


...then (even in another spec), say...

directive-name   =  "script-src"
; from generic policy header grammar

directive-value  =  <URI>  ; reference production in
                            ; appropriate spc
                            ; that has URI ABNF
                            ;  e.g. http(bis)


HTH,

=JeffH
Received on Wednesday, 9 March 2011 01:03:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 March 2011 01:03:37 GMT