W3C home > Mailing lists > Public > public-web-security@w3.org > March 2011

Re: CSP directive-value question

From: Brandon Sterne <bsterne@mozilla.com>
Date: Thu, 17 Mar 2011 13:48:43 -0700
Message-ID: <4D8273AB.1020205@mozilla.com>
To: Adam Barth <w3c@adambarth.com>
CC: public-web-security@w3.org
On 03/17/2011 11:14 AM, Adam Barth wrote:
> script-src        = "script-src" [ 1*LWSP source-list ]
> 
> and
> 
> source-list       = ( *LWSP / source ) *( 1*LWSP source )
>                   / "'none'"
> 
> which is impossible because VCHAR odes not contain LWSP.  Perhaps
> directive-value should allow LWSP as well as VCHAR?

Indeed this is a bug, which is fixed in the patch you sent me today.
I'll push the patch ASAP.

Thanks,
Brandon
Received on Thursday, 17 March 2011 20:47:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 17 March 2011 20:47:10 GMT