- From: Adam Barth <w3c@adambarth.com>
- Date: Fri, 28 Jun 2013 19:06:07 -0700
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Currently we specify nonce-value as follows: nonce-value = *( ALPHA / DIGIT ) Some folks who've been experimenting with nonce-source have requested that we expand the set of allowed characters in nonce-value to include '+' and '/'. That way the set of allowed characters will match the characters used by base64. Also, I wonder if should require at minimum number of characters in the nonce. Maybe at least 1 character? Having zero seems like an error. Thoughts? Adam
Received on Saturday, 29 June 2013 02:07:06 UTC