Also in agreement on both accounts. On Mon, Jul 1, 2013 at 4:43 PM, Garrett Robinson <grobinson@mozilla.com>wrote: > On 06/28/2013 07:06 PM, Adam Barth wrote: > > Currently we specify nonce-value as follows: > > > > nonce-value = *( ALPHA / DIGIT ) > > > > Some folks who've been experimenting with nonce-source have requested > > that we expand the set of allowed characters in nonce-value to include > > '+' and '/'. That way the set of allowed characters will match the > > characters used by base64. > > > > I don't see any problems with this. > > > Also, I wonder if should require at minimum number of characters in > > the nonce. Maybe at least 1 character? Having zero seems like an > > error. > > > > We just noticed this while I was working on script-nonce for Firefox > (https://bugzilla.mozilla.org/show_bug.cgi?id=855326#c16). I would also > advocate changing the * to a + so at least 1 character is required in a > valid nonce. > > > Thoughts? > > Adam > > > > > >Received on Wednesday, 3 July 2013 22:13:17 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:02 UTC