W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: CSP: Drop IP-matching? (was Re: [CSP] URI/IRI normalization and comparison)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 29 Jan 2015 11:23:35 +0100
Message-ID: <CADnb78gbhHdkCBGZdD68oAGCfhg4_0kY4XHiXxnvSNx7XeMZjg@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: Joel Weinberger <jww@chromium.org>, Brian Smith <brian@briansmith.org>, Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Jan 29, 2015 at 11:18 AM, Mike West <mkwst@google.com> wrote:
> The only piece that isn't defined is IPv6 matching. We define IP address
> matching, it just doesn't make sense when wildcards come in. :)

Do

  http://2/

and

  http://0.0.0.2/

match?

Do

  http://0.00.0.2/

and

  http://00.0.0.2/

match?

>From my reading of the text neither worked.


-- 
https://annevankesteren.nl/
Received on Thursday, 29 January 2015 10:29:24 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC