Re: CSP syntax

On 01/02/11 21:41, Daniel Veditz wrote:
> I'll grant the extensibility win, but it's LESS compact than what we
> have now due to the required braces, brackets, and quoting. It's a
> clear lose on legibility but that may be somewhat compensated for by
> making it easy for tools to parse and write.

We could get all that back by following the Do-Not-Track header (DNT) 
and calling our header CSP instead of Content-Security-Policy ;-)

I'm thinking it's best if we adopt _some_ other mini-language rather 
than inventing our own. At the moment, what we have is something like 
the syntax used for Accept: headers. If we can match that, perhaps we 
should. Otherwise, I see the value of JSON. Web developers are becoming 
increasingly familiar with it, and the extensibility model is clear.

If we were desperate for space, we could define the top-level as a hash, 
and omit the outer { and }!


Received on Wednesday, 2 February 2011 09:36:26 UTC