W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: [Integrity] typos with ni URIs

From: Brian Smith <brian@briansmith.org>
Date: Tue, 20 Jan 2015 09:37:19 -0800
Message-ID: <CAFewVt7gJvVOv4xo9rXVgCxRoYyc7y-9YeM7ZA+vBB5-XeYX2Q@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>, "Manger, James" <James.H.Manger@team.telstra.com>
Martin Thomson <martin.thomson@gmail.com> wrote:
> On 19 January 2015 at 13:40, Brian Smith <brian@briansmith.org> wrote:
>> Note that this is a valid URL, where the scheme is the digest name and
>> the path is the digest-value.
>
> Why go to the trouble of making it look like a URI?  A space separated
> list of hash-colon-base64urlDigest tuples should suffice.  Give
> content type its own attribute and avoid the bizarre delimiter.

I had thought that making it conform to the URI syntax was needed in
order for them to be usable in CSP source expressions. But, now I see
that it seems like CSP's source list ABNF would not match any such URI
without "://" in it, and the normative parsing/matching rules do not
seem to actually require it to be a URI at all.

Cheers,
Brian
Received on Tuesday, 20 January 2015 17:37:46 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC