I thought the script-nonce directive uses `nonce' attribute that should only contain the nonce and nothing else. That would mean you only need to do a full string compare and not worry about "xyz abc" case.
https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#script-nonce -dev On 27 March 2013 09:21, Boris Zbarsky <[email protected]> wrote: > On 3/27/13 11:34 AM, [email protected] wrote: >> >> Thank you Boris. With you mentioned changes, suppose I only want to check, >> if the script element owns a class value "xyz", i.e. <script class="xyz"> >> >> Could I use something like this? >> >> int32_t containsClassVar = scriptElem->FindAttrValueIn(aNameSpaceID, >> "class", "xyz", eCaseMatters); > > > How do you want <script class="xyz abc"> to behave? And also, > nsGkAtoms::_class instead of "class", and the next argument should be an > atom pointer array... But I suspect all that is moot given what you're > likely to say about the "xyz abc" case. ;) > > >> What do I have to use for "aNameSpaceID"? > > > kNameSpaceID_None, if you're doing this. > > -Boris > > _______________________________________________ > dev-security mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
