ACTION-191: Inconsistency in source hash description

Inconsistency in source hash description

State:
closed
Person:
Mike West
Due on:
November 3, 2014
Created on:
October 27, 2014
Associated Product:
CSP Level 2
Related emails:
No related emails

Related notes:

I noticed descriptions about source hash are inconsistent in CSP Lv.2 Last Call Working Draft.
http://www.w3.org/TR/CSP11/
http://www.w3.org/TR/CSP2/

In 4.2.5, the draft says "Let actual be the base64 encoding of the binary digest of element’s content using the algorithm algorithm.”, however in 7.17.2, says "For example, the SHA-256 digest of alert('Hello, world.'); is YWIzOWNiNzJjNDRlYzc4MTgwMDhmZDlkOWI0NTAyMjgyY2MyMWJlMWUyNjc1ODJlYWJhNjU5MGU4NmZmNGU3OAo=.”.
The section 4.2.5 describe correctly according to the actual implementation for Google Chrome.
The correct base64 encoded SHA-256 binary digest of alert(‘Hello, world.’); is qznLcsROx4GACP2dm0UCKCzCG+HiZ1guq6ZZDob/Tng=.

It’s ovbious that the former is correct, and the latter is wrong though, this mistake is sometimes misleading.
(It mislead me actually…)

/**
* Yu Yagihashi
* yagihash@sfc.wide.ad.jp
*/

Brad Hill, 27 Oct 2014, 06:26:03

Fixed in https://github.com/w3c/webappsec/commit/19b3773c51465fd2ea32f6e0be7b39325a949b89

Mike West, 27 Oct 2014, 22:15:37

Display change log.


Daniel Veditz <dveditz@mozilla.com>, Mike West <mkwst@google.com>, Chairs, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>, Staff Contacts
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 191.html,v 1.1 2020/01/17 08:51:38 carcone Exp $