
Re: CSP directive-value question

From: Brandon Sterne <bsterne@mozilla.com>
Date: Thu, 17 Mar 2011 13:57:52 -0700
Message-ID: <4D8275D0.5050508@mozilla.com>
To: Adam Barth <w3c@adambarth.com>
CC: public-web-security@w3.org

On 03/17/2011 11:47 AM, Adam Barth wrote:
> 2) The spec doesn't define error handling.  For example, how should
> the following parse:
> 
> Content-Security-Policy: default-src 'self'; helloXgoodbye
> 
> where X is %x07, for example?  Also, what about
> 
> Content-Security-Policy: default-src 'self';  ;

We already specify that unrecognized directives should be ignored.
Should we simply also specify that invalid directives (per the grammar)
should be ignored?

-Brandon
Received on Thursday, 17 March 2011 20:56:18 GMT
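
The "ignore it and keep the rest" handling discussed in this message, as an added example that is not part of the original post or of the CSP draft: a tolerant parser run over the two headers quoted above. The directive-name and directive-value patterns and the `KNOWN` list are assumptions made for illustration.

```javascript
// Added example, not from the CSP draft. The name/value patterns and the
// KNOWN list are assumptions made for illustration.
const KNOWN = new Set(['default-src', 'script-src', 'img-src', 'style-src']);
const NAME_RE = /^[A-Za-z0-9-]+$/;   // assumed directive-name grammar
const VALUE_RE = /^[\t\x20-\x7E]*$/; // assumed: printable ASCII and tab only

function parsePolicy(headerValue) {
  const directives = [];
  const ignored = [];
  for (const raw of headerValue.split(';')) {
    // Strip surrounding spaces and tabs only; other control bytes stay visible.
    const token = raw.replace(/^[ \t]+|[ \t]+$/g, '');
    if (token === '') continue; // empty directive, as in "default-src 'self';  ;"
    const cut = token.search(/[ \t]/);
    const name = (cut === -1 ? token : token.slice(0, cut)).toLowerCase();
    const value = cut === -1 ? '' : token.slice(cut).replace(/^[ \t]+/, '');
    if (!NAME_RE.test(name) || !VALUE_RE.test(value)) {
      // Fails the grammar: drop this directive, keep the rest of the policy.
      ignored.push({ text: token, reason: 'invalid' });
    } else if (!KNOWN.has(name)) {
      ignored.push({ text: token, reason: 'unrecognized' });
    } else {
      directives.push({ name, value });
    }
  }
  return { directives, ignored };
}

// Constructed inputs: the two headers from the message, with X = %x07.
const samples = ["default-src 'self'; hello\x07goodbye", "default-src 'self';  ;"];
for (const s of samples) console.log(JSON.stringify(parsePolicy(s)));
```

In both cases `default-src 'self'` survives, so a malformed trailing directive does not cause the whole policy to be dropped.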
