W3C home > Mailing lists > Public > public-webappsec@w3.org > June 2013

Supporting base64 in nonce-value

From: Adam Barth <w3c@adambarth.com>
Date: Fri, 28 Jun 2013 19:06:07 -0700
Message-ID: <CAJE5ia9rKv9ELHJLJB6pzWnvNA2NJu35CmAFTjk86ua4t+ROTQ@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Currently we specify nonce-value as follows:

nonce-value       = *( ALPHA / DIGIT )

Some folks who've been experimenting with nonce-source have requested
that we expand the set of allowed characters in nonce-value to include
'+' and '/'.  That way the set of allowed characters will match the
characters used by base64.

Also, I wonder if should require at minimum number of characters in
the nonce.  Maybe at least 1 character?  Having zero seems like an
error.

Thoughts?
Adam
Received on Saturday, 29 June 2013 02:07:06 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:02 UTC