Commit db54c27

[CSP3] Further clarify post-request check w3c/webappsec-csp@7690298
1 parent 3c40cfc commit db54c27

CSP3-ja.html

Lines changed: 31 additions & 8 deletions
@@ -137,8 +137,8 @@
137137
●●options
138138

139139
spec_title:Content Security Policy Level 3
140-
spec_date:2025-06-02
141-
trans_update:2025-06-03
140+
spec_date:2025-06-06
141+
trans_update:2025-06-08
142142
source_checked:230220
143143
page_state_key:WEBAPPSEC
144144
original_url:https://w3c.github.io/webappsec-csp/
@@ -10422,6 +10422,20 @@ <h5 title="Script directives post-request check">6.7.1.2. ~script指令の要請
1042210422
1042310423
Given a request request, a response response, a directive directive, and a policy policy:
1042410424
</p>
10425+
10426+
<p class="note">注記:
10427+
この検査には,入力~parameterとして[
10428+
%要請, %応答
10429+
]どちらも必要になる
10430+
— %要請 の[
10431+
`暗号用~nonce~metadata$rq / `完全性~metadata$rq
10432+
]が合致する場合、
10433+
当の~scriptを読込むことは許容され,
10434+
%応答 の`~URL$rsが`~source~list$に合致するかどうかかの検査は飛ばされるので。
10435+
10436+
Note: This check needs both request and response as input parameters since if request’s cryptographic nonce metadata or integrity metadata matches, then the script is allowed to load and the check of whether response’s url matches the source list is skipped.
10437+
</p>
10438+
1042510439
<ol>
1042610440
<li>
1042710441
%~list ~LET %指令 の`値$
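Review bot: The added note at new line 10434 has a doubled か in 「合致するかどうかかの検査は飛ばされるので」; it should read 「合致するかどうかの検査は飛ばされるので」. The rest of the note matches the English at 10436: nonce or integrity metadata on the request allows the load and skips the response URL check against the source list.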
@@ -10461,9 +10475,9 @@ <h5 title="Script directives post-request check">6.7.1.2. ~script指令の要請
1046110475
If the result of executing § 6.7.2.4 Does integrity metadata match source list? on request’s integrity metadata and this directive’s value is "Matches", return "Allowed".
1046210476
</li>
1046310477
<li>
10478+
<p>
1046410479
~IF[
10465-
%~list 内に `strict-dynamic$pl は在る
10466-
【`大小無視$sub?】
10480+
`strict-dynamic$pl ~IN`大小無視$sub %~list
1046710481
1046810482
1046910483
~RET [
@@ -10473,10 +10487,19 @@ <h5 title="Script directives post-request check">6.7.1.2. ~script指令の要請
1047310487
1047410488
%要請 の`構文解析器~metadata$rq ~NEQ `parser-inserted$l
1047510489
10476-
If directive’s value contains "'strict-dynamic'":
10477-
• If request’s parser metadata is not "parser-inserted", return "Allowed".
10478-
• Otherwise, return "Blocked".
10479-
</li>
10490+
If directive’s value contains a source expression that is an ASCII case-insensitive match for the "'strict-dynamic'" keyword-source:
10491+
• If the request’s parser metadata is "parser-inserted", return "Blocked".
10492+
• Otherwise, return "Allowed".
10493+
</p>
10494+
10495+
<p class="note">注記:
10496+
`strict-dynamic$pl についての詳細は、
10497+
`§ ~strict-dynamic の用法$
10498+
にて。
10499+
10500+
Note: "'strict-dynamic'" is explained in more detail in § 8.2 Usage of "'strict-dynamic'".
10501+
</p>
10502+
</li>
1048010503
<li>
1048110504
~IF[
1048210505
`要請に対する応答は~source~listに合致するか?$A( %応答, %要請, %~list, %施策 )
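Review bot: The unchanged Japanese condition at 10488 still reads 「%要請 の`構文解析器~metadata$rq ~NEQ `parser-inserted$l」, while the updated English at 10491-10492 now tests for "parser-inserted" first and returns "Blocked" in that branch, with "Allowed" as the fallthrough. The two forms are logically equivalent, but since the upstream step was reordered, either mirror the new branch order in the Japanese step or add a short translator's remark that the negated form is kept deliberately, so that later comparisons against the source are easy to verify.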
