Link to spec. Show port and path.

www/index.html

@@ -305,7 +305,7 @@ <h5>Example navigate-to Policy</h5>
       <br>
 
       <h2 id="source_list">Source List Reference</h2>
-      <p>All of the directives that end with <code>-src</code> support similar values known as a source list. Multiple source list values can be space separated with the exception of <code>'none'</code> which should be the only value.</p>
+      <p>All of the directives that end with <code>-src</code> support similar values known as a <a href="https://w3c.github.io/webappsec-csp/#framework-directive-source-list">source list</a>. Multiple source list values can be space separated with the exception of <code>'none'</code> which should be the only value.</p>
       <table class="table table-bordered table-responsive">
         <thead>
           <tr>
@@ -355,6 +355,16 @@ <h2 id="source_list">Source List Reference</h2>
             <td><code>img-src https:</code></td>
             <td>Allows loading resources only over HTTPS on any domain.</td>
           </tr>
+          <tr>
+            <td><code>https://example.com:12/path/to/file.js</code></td>
+            <td><code>script-src https://example.com:12/path/to/file.js</code></td>
+            <td>Allows loading resources only over HTTPS and matching the given domain, port, and path.</td>
+          </tr>
+          <tr>
+            <td><code>example.com:*</code></td>
+            <td><code>script-src example.com:*</code></td>
+            <td>Allows loading resources only matching the given domain on any port.</td>
+          </tr>
           <tr>
             <td><a href="/unsafe-inline/" title="CSP unsafe-inline"><code>'unsafe-inline'</code></a></td>
             <td><code>script-src 'unsafe-inline'</code></td>