On Thu, Dec 29, 2011 at 1:24 PM, Julian Reschke <julian.resc...@gmx.de> wrote:
> On 2011-12-29 22:18, Adam Barth wrote:
>> On Thu, Dec 29, 2011 at 1:13 PM, Julian Reschke<julian.resc...@gmx.de>
>> wrote:
>>> On 2011-12-29 20:50, Adam Barth wrote:
>>>> As I wrote before, I don't think we should include quoted-string in
>>>> the grammar. As far as I know, no one has implemented it and I have
>>>> no plans to implement quoted-string in Chrome. Having quoted-string
>>>> in the grammar only leads to pain.
>>>
>>> It would be helpful if you were more precise on the pain it causes,
>>> considering you need to process extension directives anyway...
>>
>> We've been over this several times before. The problem is the
>> requirement to balance DQUOTE and the complexities surrounding the
>> error conditions if the DQUOTEs don't balance properly (including
>> escaping).
>
> Yes, but you are avoiding the question I asked. Are you implementing
> quoted-string for extension parameters?

No. Here's the grammar I recommend:

    Strict-Transport-Security = "Strict-Transport-Security" ":"
                                directive *( ";" [ directive ] )

    directive         = max-age | includeSubDomains | STS-d-ext
    max-age           = "max-age" "=" delta-seconds
    includeSubDomains = "includeSubDomains"
    STS-d-ext         = token [ "=" token ]

I would also define the precise requirements for parsing all possible
input sequences, but I understand that's not fashionable.

Adam
_______________________________________________
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec
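
A parser for the grammar recommended in the message above, as an added Python example (not code from the thread, from Chrome or from any specification). It shows why token-only extension values keep parsing simple: with no quoted-string, a ";" can never occur inside a value, so there are no DQUOTEs to balance. The function name `parse_sts` and the error-handling choices listed in its docstring are assumptions; the message does not define them.

```python
import re

# token (RFC 2616): one or more characters that are neither CTLs nor
# separators. DQUOTE is a separator, so a quoted-string value never matches.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
DIRECTIVE = re.compile(rf"({TOKEN})(?:[ \t]*=[ \t]*({TOKEN}))?")


def parse_sts(value):
    """Parse the field value (the text after "Strict-Transport-Security:").

    Returns a policy dict, or None when the value does not match the grammar.
    Assumptions, not stated in the message: any syntax error rejects the
    whole header, directive names compare case-insensitively, whitespace is
    allowed around ";" and "=", and max-age must be present.
    """
    # Splitting on ";" is only safe because values are tokens, never
    # quoted-strings that could contain ";" themselves.
    parts = [p.strip(" \t") for p in value.split(";")]
    if not parts[0]:
        return None  # the first directive is mandatory
    policy = {"max_age": None, "include_subdomains": False, "extensions": {}}
    for part in parts:
        if not part:
            continue  # *( ";" [ directive ] ) permits empty directives
        m = DIRECTIVE.fullmatch(part)
        if m is None:
            return None  # not token [ "=" token ], e.g. contains a DQUOTE
        name, arg = m.group(1).lower(), m.group(2)
        if name == "max-age":
            if arg is None or not re.fullmatch(r"[0-9]+", arg):
                return None  # delta-seconds is 1*DIGIT
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            if arg is not None:
                return None  # includeSubDomains takes no value
            policy["include_subdomains"] = True
        else:
            policy["extensions"][name] = arg  # STS-d-ext: kept, not interpreted
    return policy if policy["max_age"] is not None else None


if __name__ == "__main__":
    # Constructed sample header values, not taken from the thread.
    for sample in ("max-age=31536000; includeSubDomains",
                   "max-age=600;;foo=bar;",
                   'max-age=600; foo="a;b"'):
        print(repr(sample), "->", parse_sts(sample))
```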