





























@@ -436,13 +436,13 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
436436 and restricted behaviors, and may be applied to a {{Document}}, {{WorkerGlobalScope}}, or
437437{{WorkletGlobalScope}}.
438438439- Each policy has an associated <dfn for="policy" export>directive set</dfn>, which is an <a>ordered
439+ Each policy has an associated <dfn for="content security policy object" export>directive set</dfn>, which is an <a>ordered
440440 set</a> of <a>directives</a> that define the policy's implications when applied.
441441442- Each policy has an associated <dfn for="policy" export>disposition</dfn>, which is either
442+ Each policy has an associated <dfn for="content security policy object" export>disposition</dfn>, which is either
443443 "`enforce`" or "`report`".
444444445- Each policy has an associated <dfn for="policy" export>source</dfn>, which is either "`header`"
445+ Each policy has an associated <dfn for="content security policy object" export>source</dfn>, which is either "`header`"
446446 or "`meta`".
447447448448 Multiple [=/policies=] can be applied to a single resource. A <dfn export>CSP
@@ -458,7 +458,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
458458459459 A [=/CSP list=] <dfn export>contains a header-delivered Content Security
460460 Policy</dfn> if its [=CSP list/policies=] [=list/contain=] a [=/policy=] whose
461-[=policy/source=] is "`header`".
461+[=content security policy object/source=] is "`header`".
462462463463 A <dfn export>serialized CSP</dfn> is an <a>ASCII string</a> consisting of a semicolon-delimited
464464 series of <a>serialized directives</a>, adhering to the following ABNF grammar [[!RFC5234]]:
@@ -483,18 +483,18 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
483483 </h4>
484484485485 To <dfn abstract-op>parse a serialized CSP</dfn>, given a [=byte sequence=] or
486-[=string=] |serialized|, a [=policy/source=] |source|, and a [=policy/disposition=]
486+[=string=] |serialized|, a [=content security policy object/source=] |source|, and a [=content security policy object/disposition=]
487487 |disposition|, execute the following steps.
488488489489 This algorithm returns a [=Content Security Policy object=]. If |serialized| could not be
490- parsed, the object's [=policy/directive set=] will be empty.
490+ parsed, the object's [=content security policy object/directive set=] will be empty.
491491492492<ol class="algorithm">
493493 1. If |serialized| is a [=byte sequence=], then set |serialized| to be the result of
494494[=isomorphic decoding=] |serialized|.
495495496- 2. Let |policy| be a new [=/policy=] with an empty [=policy/directive set=], a [=policy/source=]
497- of |source|, and a [=policy/disposition=] of |disposition|.
496+ 2. Let |policy| be a new [=/policy=] with an empty [=content security policy object/directive set=], a [=content security policy object/source=]
497+ of |source|, and a [=content security policy object/disposition=] of |disposition|.
498498499499 3. <a for=list>For each</a> |token| returned by [=strictly split a string|strictly splitting=] |serialized| on
500500 the U+003B SEMICOLON character (`;`):
@@ -512,7 +512,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
512512 Note: Directive names are case-insensitive, that is: `script-SRC 'none'` and
513513 `ScRiPt-sRc 'none'` are equivalent.
514514515- 5. If |policy|'s [=policy/directive set=] contains a [=directive=] whose [=directive/name=]
515+ 5. If |policy|'s [=content security policy object/directive set=] contains a [=directive=] whose [=directive/name=]
516516 is |directive name|, [=iteration/continue=].
517517518518 Note: In this case, the user agent SHOULD notify developers that a duplicate
@@ -525,7 +525,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
525525 7. Let |directive| be a new [=directive=] whose [=directive/name=] is |directive name|, and
526526[=directive/value=] is |directive value|.
527527528- 8. [=set/append|Append=] |directive| to |policy|'s [=policy/directive set=].
528+ 8. [=set/append|Append=] |directive| to |policy|'s [=content security policy object/directive set=].
529529530530 4. Return |policy|.
531531</ol>
@@ -548,18 +548,18 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
548548549549 1. Let |policy| be the result of
550550<a abstract-op lt="parse a serialized CSP">parsing</a> |token|, with a
551-[=policy/source=] of "`header`", and a [=policy/disposition=] of "`enforce`".
551+[=content security policy object/source=] of "`header`", and a [=content security policy object/disposition=] of "`enforce`".
552552553- 2. If |policy|'s [=policy/directive set=] is not empty, append |policy| to |policies|.
553+ 2. If |policy|'s [=content security policy object/directive set=] is not empty, append |policy| to |policies|.
554554555555 3. <a for=list>For each</a> |token| returned by [=extracting header list values=] given
556556 `Content-Security-Policy-Report-Only` and |response|'s [=response/header list=]:
557557558558 1. Let |policy| be the result of
559559<a abstract-op lt="parse a serialized CSP">parsing</a> |token|, with a
560-[=policy/source=] of "`header`", and a [=policy/disposition=] of "`report`".
560+[=content security policy object/source=] of "`header`", and a [=content security policy object/disposition=] of "`report`".
561561562- 2. If |policy|'s [=policy/directive set=] is not empty, append |policy| to |policies|.
562+ 2. If |policy|'s [=content security policy object/directive set=] is not empty, append |policy| to |policies|.
563563564564 4. Return a [=/CSP list=] whose [=CSP list/policies=] is |policies| and
565565[=CSP list/self-origin=] is |response|'s [=response/url=]'s [=url/origin=].
@@ -1573,7 +1573,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
1573157315741574 4. Execute [[#report-violation]] on |violation|.
157515751576- 5. If |policy|'s [=policy/disposition=] is "`enforce`", then set |result| to
1576+ 5. If |policy|'s [=content security policy object/disposition=] is "`enforce`", then set |result| to
15771577 "`Blocked`".
1578157815791579 4. If |result| is "`Blocked`", throw an `EvalError` exception.
@@ -1622,7 +1622,7 @@ this algorithm returns normally if compilation is allowed, and throws a
1622162216231623 3. Execute [[#report-violation]] on |violation|.
162416241625- 4. If |policy|'s [=policy/disposition=] is "`enforce`", then set |result| to
1625+ 4. If |policy|'s [=content security policy object/disposition=] is "`enforce`", then set |result| to
16261626 "`Blocked`".
16271627162816284. If |result| is "`Blocked`", throw a {{WebAssembly.CompileError}} exception.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。