[CSP] feedback sandbox ABNF grammar conflict from Stefan Ossendorf on 2014-08-10 (public-webappsec@w3.org from August 2014)

From: Stefan Ossendorf <stefan.ossendorf@outlook.de>
Date: Sun, 10 Aug 2014 22:04:01 +0200
To: <public-webappsec@w3.org>
Message-ID: <DUB113-DS30376ABA656E773C6ACCB9E2EC0@phx.gbl>

Hello,

 

I'm trying to implement the CSP Spec from
(https://w3c.github.io/webappsec/specs/content-security-policy/#directive-sa
ndbox).

But the ABNF of sandbox is not clear.

Quote:

directive-name    = "sandbox"
directive-value   = sandbox-token
<https://w3c.github.io/webappsec/specs/content-security-policy/#sandbox-toke
n>  *( 1*WSP sandbox-token
<https://w3c.github.io/webappsec/specs/content-security-policy/#sandbox-toke
n>  )
sandbox-token     = <token from RFC 7230>

 

But the first example under "Usage" say it's possible to create an empty
sandbox directive without any value. The ABNF says but at least one token
and a token can't be empty according to the token spec.

What's correct?

 

Thanks in advance

Stefan Ossendorf

Received on Monday, 11 August 2014 13:44:02 UTC