W3C home > Mailing lists > Public > public-web-security@w3.org > March 2011

Re: CSP directive-value question

From: Adam Barth <w3c@adambarth.com>
Date: Thu, 17 Mar 2011 14:17:15 -0700
Message-ID: <AANLkTikUjv30bV61b8pH0YQjhzGFCmHAcBhUNRNTSkOY@mail.gmail.com>
To: Brandon Sterne <bsterne@mozilla.com>
Cc: public-web-security@w3.org
On Thu, Mar 17, 2011 at 1:57 PM, Brandon Sterne <bsterne@mozilla.com> wrote:
> On 03/17/2011 11:47 AM, Adam Barth wrote:
>> 2) The spec dosen't define error handling.  For example, how should
>> the following parse:
>>
>> Content-Security-Policy: default-src 'self'; helloXgoodbye
>>
>> where X is %x07, for example?  Also, what about
>>
>> Content-Security-Policy: default-src 'self';  ;
>
> We already specify that unrecognized directives should be ignored.
> Should we simply also specify that invalid directives (per the grammar)
> should be ignored?

Yep, that would work.

Adam
Received on Thursday, 17 March 2011 21:18:20 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 17 March 2011 21:18:20 GMT