[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[elpa] master fec8cdf 20/23: Add CSP syntax checking for <meta> & HTTP h
From: |
Stefan Monnier |
Subject: |
[elpa] master fec8cdf 20/23: Add CSP syntax checking for <meta> & HTTP header |
Date: |
Thu, 14 Jan 2016 19:22:40 +0000 |
branch: master
commit fec8cdffb904d2d58b3fb10d90efa095ce5e1f76
Author: Michael[tm] Smith <address@hidden>
Commit: Michael[tm] Smith <address@hidden>
Add CSP syntax checking for <meta> & HTTP header
Adds datatype/microsyntax-checking of the "content" attribute of the
<meta http-equiv=content-security-policy content="..."> element, along with
such checking of the value of the Content-Security-Policy HTTP header.
Fixes https://github.com/validator/validator/issues/153
---
common.rnc | 4 ++++
meta.rnc | 25 +++++++++++++++++++++++++
2 files changed, 29 insertions(+), 0 deletions(-)
diff --git a/common.rnc b/common.rnc
index 3352fd8..68d9acc 100644
--- a/common.rnc
+++ b/common.rnc
@@ -394,6 +394,10 @@ common.attrs.other =
common.data.integrity =
w:integrity-metadata
+## Content Security Policy
+ common.data.content-security-policy =
+ w:content-security-policy
+
## List of sandbox keywords
common.data.sandbox-allow-list =
w:string "" | w:sandbox-allow-list
diff --git a/meta.rnc b/meta.rnc
index e97e0de..ff67c2d 100644
--- a/meta.rnc
+++ b/meta.rnc
@@ -324,6 +324,31 @@ datatypes w = "http://whattf.org/datatype-draft"
# if the
definition is
# reused in
another language
+## Content Security Policy pragma directive: <meta
http-equiv='content-security-policy'>
+
+ meta.http-equiv.content-security-policy.elem =
+ element meta { meta.inner &
meta.http-equiv.content-security-policy.attrs }
+ meta.http-equiv.content-security-policy.attrs =
+ ( common.attrs.basic
+ & common.attrs.i18n
+ & common.attrs.present
+ & common.attrs.other
+ & meta.http-equiv.attrs.http-equiv.content-security-policy
+ & meta.http-equiv.attrs.content.content-security-policy
+ & ( common.attrs.aria.role.presentation
+ | common.attrs.aria.role.menuitem
+ )?
+ )
+ meta.http-equiv.attrs.http-equiv.content-security-policy =
+ attribute http-equiv {
+ w:string "content-security-policy"
+ }
+ meta.http-equiv.attrs.content.content-security-policy =
+ attribute content {
+ common.data.content-security-policy
+ }
+ common.elem.metadata |= meta.http-equiv.content-security-policy.elem
+
## "x-ua-compatible" pragma directive: <meta http-equiv='x-ua-compatible'>
meta.http-equiv.x-ua-compatible.elem =
- [elpa] master a9ca633 04/23: Make input[type]-specific error msgs more clear., (continued)
- [elpa] master a9ca633 04/23: Make input[type]-specific error msgs more clear., Stefan Monnier, 2016/01/14
- [elpa] master 85521bf 13/23: Make "integrity" checking more helpful, Stefan Monnier, 2016/01/14
- [elpa] master 103dc56 09/23: (Re)corrected content model for the ruby element., Stefan Monnier, 2016/01/14
- [elpa] master 76e0657 10/23: Allow ol>li[role=menuitem] & ol>li[role=tab]., Stefan Monnier, 2016/01/14
- [elpa] master c3b8596 14/23: Sync up with latest ARIA-in-HTML spec changes, Stefan Monnier, 2016/01/14
- [elpa] master 1c11a56 12/23: Add the "integrity" attribute, Stefan Monnier, 2016/01/14
- [elpa] master f1cac66 11/23: Refine some ARIA checking to sync w/ current spec, Stefan Monnier, 2016/01/14
- [elpa] master ae3a23b 19/23: Allow the "nonce" attribute, Stefan Monnier, 2016/01/14
- [elpa] master 44fe4a7 16/23: Allow "minlength", Stefan Monnier, 2016/01/14
- [elpa] master 67350aa 15/23: Allow ARIA role=switch, Stefan Monnier, 2016/01/14
- [elpa] master fec8cdf 20/23: Add CSP syntax checking for <meta> & HTTP header,
Stefan Monnier <=
- [elpa] master 6e7c7c3 21/23: Make minlength checking behave as expected, Stefan Monnier, 2016/01/14
- [elpa] master 7635384 17/23: Align iframe[sandbox] checking with spec, Stefan Monnier, 2016/01/14
- [elpa] master 1f870ab 18/23: Align event-handler-attribute checking with spec, Stefan Monnier, 2016/01/14
- [elpa] master a426434 23/23: * html5-schema: Add locating-rules.xml and setup nxml to use it, Stefan Monnier, 2016/01/14
- [elpa] master dcd917c 01/23: Consolidated all RelaxNG files into `/schema` dir., Stefan Monnier, 2016/01/14
- [elpa] master 07bcdb8 22/23: Add 'packages/html5-schema/' from commit '6e7c7c331e7f6692be6c7d39fb9485792f0d3513', Stefan Monnier, 2016/01/14