- From: Mike West <mkwst@google.com>
- Date: Mon, 11 Aug 2014 22:17:20 +0200
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- Cc: Stefan Ossendorf <stefan.ossendorf@outlook.de>, "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CAKXHy=c=CXeKmckhJuaStHfg-AmK03YiUY-PdKL6YM-NS1S=Ng@mail.gmail.com>
The grammar is no longer wrong (I hope... ABNF is not my strong suit): https://github.com/w3c/webappsec/commit/0822e8bafa7f53adb1c546864abfae79e2ee05f2 Thanks for the report, Stefan! -mike -- Mike West <mkwst@google.com> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschäftsführer: Graham Law, Christine Elizabeth Flores (Sorry; I'm legally required to add this exciting detail to emails. Bleh.) On Mon, Aug 11, 2014 at 7:46 PM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote: > I believe the grammar is wrong and the empty token list is fine. See > also > http://developers.whatwg.org/the-iframe-element.html#attr-iframe-sandbox > > > =Dev > > > On 10 August 2014 13:04, Stefan Ossendorf <stefan.ossendorf@outlook.de> > wrote: > > Hello, > > > > > > > > I’m trying to implement the CSP Spec from > > ( > https://w3c.github.io/webappsec/specs/content-security-policy/#directive-sandbox > ). > > > > But the ABNF of sandbox is not clear. > > > > Quote: > > > > directive-name = "sandbox" > > > > directive-value = sandbox-token *( 1*WSP sandbox-token ) > > > > sandbox-token = <token from RFC 7230> > > > > > > > > But the first example under „Usage“ say it’s possible to create an empty > > sandbox directive without any value. The ABNF says but at least one token > > and a token can’t be empty according to the token spec. > > > > What’s correct? > > > > > > > > Thanks in advance > > > > Stefan Ossendorf > >
Received on Monday, 11 August 2014 20:18:08 UTC