Join GitHub today
Consider representing malformed directives #231
This project is strict about what it accepts, which is generally good. But since people are bad at writing CSPs, they often end up with slightly malformed policies - for example, with a malformed report-uri. If salvation is used as a tool for manipulating those polices, it might be best to leave the malformed parts alone, rather than stripping them out.
This would also provide a measure of future-proofing, so that new directives which have not yet been added to this project don't get dropped.
I could go either way with this. I also see the value in guaranteeing that the library never produces a malformed policy. Maybe we just weaken that to guarantee the policy is not malformed if it was constructed entirely from scratch? So the only way the output would be malformed is through starting out parsing an already malformed policy?