- From: Gervase Markham <gerv@mozilla.org>
- Date: Wed, 02 Feb 2011 09:35:50 +0000
- To: Daniel Veditz <dveditz@mozilla.com>
- CC: Adam Barth <w3c@adambarth.com>, public-web-security@w3.org
On 01/02/11 21:41, Daniel Veditz wrote:
> I'll grant the extensibility win, but it's LESS compact than what we
> have now due to the required braces, brackets, and quoting. It's a
> clear lose on legibility but that may be somewhat compensated for by
> making it easy for tools to parse and write.
We could get all that back by following the Do-Not-Track header (DNT)
and calling our header CSP instead of Content-Security-Policy ;-)
I'm thinking it's best if we adopt _some_ other mini-language rather
than inventing our own. At the moment, what we have is something like
the syntax used for Accept: headers. If we can match that, perhaps we
should. Otherwise, I see the value of JSON. Web developers are becoming
increasingly familiar with it, and the extensibility model is clear.
If we were desperate for space, we could define the top-level as a hash,
and omit the outer { and }!
Gerv
Received on Wednesday, 2 February 2011 09:36:26 UTC