- From: Brian Smith <brian@briansmith.org>
- Date: Tue, 20 Jan 2015 09:37:19 -0800
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, "Manger, James" <James.H.Manger@team.telstra.com>
Martin Thomson <martin.thomson@gmail.com> wrote:
> On 19 January 2015 at 13:40, Brian Smith <brian@briansmith.org> wrote:
>> Note that this is a valid URL, where the scheme is the digest name and
>> the path is the digest-value.
>
> Why go to the trouble of making it look like a URI? A space separated
> list of hash-colon-base64urlDigest tuples should suffice. Give
> content type its own attribute and avoid the bizarre delimiter.

I had thought that making it conform to the URI syntax was needed in order for them to be usable in CSP source expressions. But, now I see that it seems like CSP's source list ABNF would not match any such URI without "://" in it, and the normative parsing/matching rules do not seem to actually require it to be a URI at all.

Cheers,
Brian

Received on Tuesday, 20 January 2015 17:37:46 UTC