Update references and clarify section 3.5 in the current version of the spec #112
Conversation
|
Do we need to define hash-with-options as conforming at all? We need to deal with |
The purpose is to rule out So, going further than suggested, you're saying that dealing with Then, even if |
|
Yeah, exactly. @mozfreddyb does that seem reasonable to you? |
| @@ -451,24 +451,21 @@ spec: SHA2; urlPrefix: http://csrc.nist.gov/publications/fips/fips180-4/fips-180 | |||
| valid metadata as described by the following ABNF grammar: | |||
|
|
|||
| <pre dfn-type="grammar" link-type="grammar"> | |||
| <dfn>integrity-metadata</dfn> = *<a>WSP</a> <a>hash-with-options</a> *(1*<a>WSP</a> <a>hash-with-options</a> ) *<a>WSP</a> / *<a>WSP</a> | |||
There was a problem hiding this comment.
2.2 Grammatical Concepts defines WSP with reference to 2.4.1 Common parser idioms. The link is broken and redirects to https://html.spec.whatwg.org. On the other hand, Terms defined by reference defines WSP and VCHAR with reference to RFC5234:ABNF.
Therefore, in 2.2 Grammatical Concepts, it seems that WSP should be modified to refer to RFC5234:ABNF as well as VCHAR.
Yeah, it's probably fine if the |
|
|
||
| <a>WSP</a> (white space) characters are defined in <a href="http://www.w3.org/TR/html5/infrastructure.html#space-character">Section 2.4.1 Common parser idioms</a> of the HTML 5 specification as | ||
| <code>White_Space characters</code>. [[!HTML5]] | ||
| [[!ABNF]] defines <a>VCHAR</a> (printing characters) and <a>WSP</a> (white space). |
There was a problem hiding this comment.
So the previous text makes no sense, but I wonder if it was meant to match https://infra.spec.whatwg.org/#ascii-whitespace? That would be LWSP / %x0C.
This also seems like a problem with the parser. It references https://infra.spec.whatwg.org/#strictly-split but doesn't define spaces. I suspect it meant to reference https://infra.spec.whatwg.org/#split-on-ascii-whitespace?
Are there tests for this?
There was a problem hiding this comment.
As you said, ASCII whitespace seems to be equivalent to LWSP. And the implementation, Chromium, use ASCIISpace defined as follows.
inline bool IsASCIISpace(CharType c) {
return c <= ' ' && (c == ' ' || (c <= 0xD && c >= 0x9));
}
In this situation, as you said, I think it would be better to refer to split-on-ascii-whitespace rather than strictly-split for the parser. And it seems fitting to use LWSP, which refers to ASCII whitespace, instead of WSP. The ABNF in Section 3.5 will also need to be modified accordingly. Does it make sense?
There was a problem hiding this comment.
So Chrome's definition also counts U+000B as whitespace if I'm reading that correctly. That seems wrong.
And note that LWSP excludes U+000C (which is why I added that above).
I think we should use ASCII whitespace here and file a bug on Chrome for them including U+000B. And use LWSP / %x0C in ABNF.
| Note: Since no `options` are not defined (see the | ||
| [[#integrity-metadata-description]]), the above ABNF syntax does not consider | ||
| them. If `options` are defined in a future version, the ABNF syntax should be | ||
| modified accordingly. |
There was a problem hiding this comment.
Would it be ok this way? @annevk
|
|
||
| <a>WSP</a> (white space) characters are defined in <a href="http://www.w3.org/TR/html5/infrastructure.html#space-character">Section 2.4.1 Common parser idioms</a> of the HTML 5 specification as | ||
| <code>White_Space characters</code>. [[!HTML5]] | ||
| [[!ABNF]] defines <a>VCHAR</a> (printing characters) and <a>WSP</a> (white space). |
There was a problem hiding this comment.
So the previous text makes no sense, but I wonder if it was meant to match https://infra.spec.whatwg.org/#ascii-whitespace? That would be LWSP / %x0C.
This also seems like a problem with the parser. It references https://infra.spec.whatwg.org/#strictly-split but doesn't define spaces. I suspect it meant to reference https://infra.spec.whatwg.org/#split-on-ascii-whitespace?
Are there tests for this?
| will define a more specific syntax for options, so it is defined here as broadly | ||
| as possible. | ||
|
|
||
| Note: Since no `options` are not defined (see the |
There was a problem hiding this comment.
| Note: Since no `options` are not defined (see the | |
| Note: Since no `options` are defined (see the |
|
|
||
| Note: Since no `options` are not defined (see the | ||
| [[#integrity-metadata-description]]), the above ABNF syntax does not consider | ||
| them. If `options` are defined in a future version, the ABNF syntax should be |
There was a problem hiding this comment.
| them. If `options` are defined in a future version, the ABNF syntax should be | |
| them. If `options` are defined in a future version, the ABNF syntax will be |
| Note: Since no `options` are not defined (see the | ||
| [[#integrity-metadata-description]]), the above ABNF syntax does not consider | ||
| them. If `options` are defined in a future version, the ABNF syntax should be | ||
| modified accordingly. |
I am submitting a new pull request according to the comments(#84 (comment), #84 (comment)) from @annevk. It updates the CSP reference and modifies the 3.5 The integrity attribute to be clear in the current version of the spec where
optionsare not defined.Issue Number: #84
Preview | Diff