Re: [csswg-drafts] [css-values] Spec does not reject duplicate `<request-url-modifier>`s, but WPT does (#12151) from Sam Weinig via GitHub on 2025-06-26 (public-css-archive@w3.org from June 2025)

From: Sam Weinig via GitHub <noreply@w3.org>
Date: Thu, 26 Jun 2025 16:06:19 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-3009005578-1750953976-noreply@w3.org>

Given there is enough discussion here, I want to simplify the prosed resolution to just the content for this issue. So, here it is again, but without the unknown modifiers bit.

I'm not convinced allowing duplicate modifiers makes sense and that these modifiers fall into the same class as the ones @cdoublev mentions "representing resources, instructions, function arguments, etc". 

--

Updated resolution:

Update grammar for `<url>` to disallow duplicate `<request-url-modifier>` productions by changing the grammar from:

```
<url> = <url()> | <src()>

<url()> = url( <string> <url-modifier>* ) | <url-token>
<src()> = src( <string> <url-modifier>* )
```

to

```
<url> = <url()> | <src()>

<url()> = url( <string> <url-modifiers>? ) | <url-token>
<src()> = src( <string> <url-modifiers>? )
```

and adding the definition of `<url-modifiers>` as:

 ```
<url-modifiers> = <request-url-modifier>
<request-url-modifier> = <crossorigin-modifier> || <integrity-modifier> || <referrerpolicy-modifier>
<crossorigin-modifier> = crossorigin(anonymous | use-credentials)
<integrity-modifier> = integrity(<string>)
<referrerpolicy-modifier> = referrerpolicy(no-referrer | no-referrer-when-downgrade | same-origin | origin | strict-origin | origin-when-cross-origin | strict-origin-when-cross-origin | unsafe-url)
```

-- 
GitHub Notification of comment by weinig
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/12151#issuecomment-3009005578 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 26 June 2025 16:06:20 UTC