This patch changes the error handling behavior for parsing sources in source
authorAdam Barth <w3c@adambarth.com>
Fri, 18 May 2012 13:07:39 -0700
changeset 1187e066a2ccb94
parent 117 92b2fc38ee2e
child 119 691e8a8c804c
This patch changes the error handling behavior for parsing sources in source
lists to truncate paths to just the origin. We're doing this to future-proof
the parser for having finer-grained sources in the future.
csp-1.0-specification.html
csp-specification.dev.html
     1.1 --- a/csp-1.0-specification.html	Fri May 18 12:42:59 2012 -0700
     1.2 +++ b/csp-1.0-specification.html	Fri May 18 13:07:39 2012 -0700
     1.3 @@ -382,9 +382,11 @@
     1.4                    / *WSP "'none'" *WSP
     1.5  source-expression = scheme-source / host-source / keyword-source
     1.6  scheme-source     = scheme ":"
     1.7 -host-source       = ( [ scheme "://" ] host [ port ] )
     1.8 +host-source       = [ scheme "://" ] host [ port ]
     1.9 +ext-host-source   = host-source "/" *( &lt;VCHAR except ";" and ","&gt; )
    1.10 +                  ; ext-host-source is reserved for future use.
    1.11  keyword-source    = "'self'" / "'unsafe-inline'" / "'unsafe-eval'"
    1.12 -scheme            = &lt;scheme&gt; production from RFC 3986
    1.13 +scheme            = &lt;scheme production from RFC 3986&gt;
    1.14  host              = "*" / [ "*." ] 1*host-char *( "." 1*host-char )
    1.15  host-char         = ALPHA / DIGIT / "-"
    1.16  port              = ":" ( 1*DIGIT / "*" )
    1.17 @@ -430,7 +432,7 @@
    1.18                </ol>
    1.19              </li>
    1.20              <li>If the source expression matches the grammar for
    1.21 -            <code>host-source</code>:
    1.22 +            <code>host-source</code> or <code>ext-host-source</code>:
    1.23                <ol>
    1.24                  <li>If the URI does not contain a host, then return <em>does
    1.25                  not match</em>.</li>
     2.1 --- a/csp-specification.dev.html	Fri May 18 12:42:59 2012 -0700
     2.2 +++ b/csp-specification.dev.html	Fri May 18 13:07:39 2012 -0700
     2.3 @@ -458,9 +458,11 @@
     2.4                    / *WSP "'none'" *WSP
     2.5  source-expression = scheme-source / host-source / keyword-source
     2.6  scheme-source     = scheme ":"
     2.7 -host-source       = ( [ scheme "://" ] host [ port ] )
     2.8 +host-source       = [ scheme "://" ] host [ port ]
     2.9 +ext-host-source   = host-source "/" *( &lt;VCHAR except ";" and ","&gt; )
    2.10 +                  ; ext-host-source is reserved for future use.
    2.11  keyword-source    = "'self'" / "'unsafe-inline'" / "'unsafe-eval'"
    2.12 -scheme            = &lt;scheme&gt; production from RFC 3986
    2.13 +scheme            = &lt;scheme production from RFC 3986&gt;
    2.14  host              = "*" / [ "*." ] 1*host-char *( "." 1*host-char )
    2.15  host-char         = ALPHA / DIGIT / "-"
    2.16  port              = ":" ( 1*DIGIT / "*" )
    2.17 @@ -506,7 +508,7 @@
    2.18                </ol>
    2.19              </li>
    2.20              <li>If the source expression matches the grammar for
    2.21 -            <code>host-source</code>:
    2.22 +            <code>host-source</code> or <code>ext-host-source</code>:
    2.23                <ol>
    2.24                  <li>If the URI does not contain a host, then return <em>does
    2.25                  not match</em>.</li>