- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Tue, 08 Jan 2013 09:12:14 -0800
- To: Julian Reschke <julian.reschke@gmx.de>
- CC: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 1/8/2013 8:13 AM, Julian Reschke wrote: > ...and, even worse, "," is an allowed character in URIs... Commas are not allowed in hostnames which is all that's supported by CSP 1.0. In CSP 1.1 where we allow partial paths we should note that they are only allowed if they do not contain a comma or semi-colon, and that those punctuation marks will be interpreted as policy delimiters. If someone wants to argue the other way that's fine, but either way the spec should be explicit about the handling of those two special characters. -Dan Veditz
Received on Tuesday, 8 January 2013 17:12:44 UTC