emacs-elpa-diffs

[elpa] master fec8cdf 20/23: Add CSP syntax checking for <meta> & HTTP h


From: Stefan Monnier
Subject: [elpa] master fec8cdf 20/23: Add CSP syntax checking for <meta> & HTTP header
Date: Thu, 14 Jan 2016 19:22:40 +0000

branch: master
commit fec8cdffb904d2d58b3fb10d90efa095ce5e1f76
Author: Michael[tm] Smith <address@hidden>
Commit: Michael[tm] Smith <address@hidden>

    Add CSP syntax checking for <meta> & HTTP header
    
    Adds datatype/microsyntax-checking of the "content" attribute of the
    <meta http-equiv=content-security-policy content="..."> element, along with
    such checking of the value of the Content-Security-Policy HTTP header.
    
    Fixes https://github.com/validator/validator/issues/153
---
 common.rnc |    4 ++++
 meta.rnc   |   25 +++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 0 deletions(-)

diff --git a/common.rnc b/common.rnc
index 3352fd8..68d9acc 100644
--- a/common.rnc
+++ b/common.rnc
@@ -394,6 +394,10 @@ common.attrs.other =
        common.data.integrity =
                w:integrity-metadata
 
+## Content Security Policy
+       common.data.content-security-policy =
+               w:content-security-policy
+
 ## List of sandbox keywords
        common.data.sandbox-allow-list =
                w:string "" | w:sandbox-allow-list
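
Review bot: common.data.content-security-policy is defined as a bare w:content-security-policy, while the sandbox-allow-list pattern directly below spells out its empty-value case with w:string "" |. Please say in the ## comment whether an empty policy string is meant to validate, because as written that decision is left entirely to the datatype. The diffstat also lists only common.rnc and meta.rnc, so the schema now references a w:content-security-policy type that this patch does not supply; the commit message should name the datatype-library change it depends on.
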
diff --git a/meta.rnc b/meta.rnc
index e97e0de..ff67c2d 100644
--- a/meta.rnc
+++ b/meta.rnc
@@ -324,6 +324,31 @@ datatypes w = "http://whattf.org/datatype-draft";
                                                                # if the 
definition is 
                                                                # reused in 
another language
 
+## Content Security Policy pragma directive: <meta 
http-equiv='content-security-policy'>
+
+       meta.http-equiv.content-security-policy.elem =
+               element meta { meta.inner & 
meta.http-equiv.content-security-policy.attrs }
+       meta.http-equiv.content-security-policy.attrs =
+               (       common.attrs.basic
+               &       common.attrs.i18n
+               &       common.attrs.present
+               &       common.attrs.other
+               &       meta.http-equiv.attrs.http-equiv.content-security-policy
+               &       meta.http-equiv.attrs.content.content-security-policy
+               &       (       common.attrs.aria.role.presentation
+                       |       common.attrs.aria.role.menuitem
+                       )?
+               )
+               meta.http-equiv.attrs.http-equiv.content-security-policy =
+                       attribute http-equiv {
+                               w:string "content-security-policy"
+                       }
+               meta.http-equiv.attrs.content.content-security-policy =
+                       attribute content {
+                               common.data.content-security-policy
+                       }
+       common.elem.metadata |= meta.http-equiv.content-security-policy.elem
+
 ## "x-ua-compatible" pragma directive: <meta http-equiv='x-ua-compatible'>
 
        meta.http-equiv.x-ua-compatible.elem =
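
Review bot: the content attribute in meta.http-equiv.attrs.content.content-security-policy reuses the shared common.data.content-security-policy type, so nothing in this pattern distinguishes a <meta> policy from a header policy. The report-uri, frame-ancestors and sandbox directives are not honoured when a policy is delivered through <meta>, and an author who relies on them there gets no protection from them and no validator message; consider a meta-specific datatype or parameter that flags those directives, or at least record the limitation in the ## comment. Separately, the optional ( common.attrs.aria.role.presentation | common.attrs.aria.role.menuitem )? group permits an ARIA role on a pragma directive that is never rendered; if that is intentional, a short comment explaining why would help.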
