- From: Devdatta Akhawe <dev.akhawe@gmail.com>
- Date: Mon, 11 Aug 2014 10:46:47 -0700
- To: Stefan Ossendorf <stefan.ossendorf@outlook.de>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
I believe the grammar is wrong and the empty token list is fine. See also http://developers.whatwg.org/the-iframe-element.html#attr-iframe-sandbox =Dev On 10 August 2014 13:04, Stefan Ossendorf <stefan.ossendorf@outlook.de> wrote: > Hello, > > > > I’m trying to implement the CSP Spec from > (https://w3c.github.io/webappsec/specs/content-security-policy/#directive-sandbox). > > But the ABNF of sandbox is not clear. > > Quote: > > directive-name = "sandbox" > > directive-value = sandbox-token *( 1*WSP sandbox-token ) > > sandbox-token = <token from RFC 7230> > > > > But the first example under „Usage“ say it’s possible to create an empty > sandbox directive without any value. The ABNF says but at least one token > and a token can’t be empty according to the token spec. > > What’s correct? > > > > Thanks in advance > > Stefan Ossendorf
Received on Monday, 11 August 2014 17:47:34 UTC