- From: Adam Barth <w3c@adambarth.com>
- Date: Thu, 3 Mar 2011 13:33:05 -0800
- To: Brandon Sterne <bsterne@mozilla.com>
- Cc: "public-web-security@w3.org" <public-web-security@w3.org>
Yay! Thanks Brandon. Would it be possible to change the presentation of the syntax in two ways: 1) Can we switch to the more usually ABNF used by most modern spec. For example, as in <http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-12#section-3.2> ? 2) Can we separate the grammar to two pieces: (A) the general syntax of the Content-Security-Policy header field and (B) the syntax of the particular directives. w.r.t. (2), I'd like to implement parsing in two phases. First, the top-level phase that extracts the list of directive-name / directive-value pairs, and second that process the individual directive-values according to the rules for the directive-name. For example, here's a possible grammar for a CSP policy: policy = directive-list directive-list = directive *( ";" directive ) directive = *LWS directive-name [ LWS directive-value ] directive-name = 1*<OCTET, except LWS and ";"> directive-value = *<OCTET, except ";"> (Of course, the above might not be correct---it's just an example.) This approach follows how, for example, HTTP header fields work. There's a general grammar for HTTP header fields in general, and then a more specific grammar for particular header fields. Thanks, Adam On Thu, Mar 3, 2011 at 10:17 AM, Brandon Sterne <bsterne@mozilla.com> wrote: > Hello all, > > Apologies for the delays in getting this published. You can find the > first Unofficial Draft of the Content Security Policy specification here: > https://dvcs.w3.org/hg/content-security-policy/raw-file/bcf1c45f312f/csp-unofficial-draft-20110303.html > > I hope you will find the new format well-organized and reflective of our > discussion so far. While this document will likely remain in Unofficial > Draft status until we get our charter reviewed and accepted, in the > meantime this it should provide a good basis for further discussions. I > look forward to receiving your feedback. > > Best, > Brandon > >
Received on Thursday, 3 March 2011 21:34:10 UTC