Re: [csswg-drafts] [css-values] Spec does not reject duplicate `<request-url-modifier>`s, but WPT does (#12151) from Sam Weinig via GitHub on 2025-05-14 (public-css-archive@w3.org from May 2025)

From: Sam Weinig via GitHub <sysbot+gh@w3.org>
Date: Wed, 14 May 2025 00:11:01 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-2878235884-1747181458-sysbot+gh@w3.org>

> [This test](https://wpt.live/css/css-values/urls/url-request-modifiers-invalid.sub.html) requires that a url() with more than one of the same <request-url-modifier> be treated as invalid, but I can't find anything in the spec that says this is invalid

You are right, the grammar currently allows duplicate modifiers due to the use of `<url-modifier>*` `url( <string> <url-modifier>* )`

I don't think duplicate modifiers make sense, so I would propose we change grammar 

```
<url> = <url()> | <src()>

<url()> = url( <string> <url-modifiers> ) | <url-token>
<src()> = src( <string> <url-modifiers> )

<url-modifiers> = <crossorigin-modifier> || <integrity-modifier> || <referrerpolicy-modifier>
<crossorigin-modifier> = crossorigin(anonymous | use-credentials)
<integrity-modifier> = integrity(<string>)
<referrerpolicy-modifier> = referrerpolicy(no-referrer | no-referrer-when-downgrade | same-origin | origin | strict-origin | origin-when-cross-origin | strict-origin-when-cross-origin | unsafe-url)
```

With this construction, the serialization would fall out of the normal serialize in grammar order assumptions.

@noamr @tabatkins, any thoughts on that change?

-- 
GitHub Notification of comment by weinig
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/12151#issuecomment-2878235884 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 14 May 2025 00:11:01 UTC