W3C home > Mailing lists > Public > public-web-security@w3.org > October 2012

CSP violations introduced by Addons / Extensions

From: Eduardo' Vela <evn@google.com>
Date: Wed, 24 Oct 2012 23:22:00 -0700
Message-ID: <CAFswPa-foLYABt4xBhoqQdrARVa3M7Tx4dnQWfGW7NfTbKbvgw@mail.gmail.com>
To: "public-web-security@w3.org" <public-web-security@w3.org>
We've noticed that Extensions and Addons are responsible for CSP reports,
and it's hard for us to debug that.

It would be nice if there was a flag in the report that specifies if the
violation was initiated by an extension or an addon.

I understand there are challenges on doing this (eg, an extension can
inject a script which later generates a report).

Being able to differentiate this problems would assist us to more quickly
and efficiently reproduce and triage bugs.

This goes hand in hand with the other request (generating a DOM event/error
on CSP violations).
Received on Thursday, 25 October 2012 06:22:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 25 October 2012 06:22:48 GMT