W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2012

Re: Trigger a DOM event/error when a CSP violation happens.

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 24 Oct 2012 23:31:40 -0700
Message-ID: <CAJE5ia-xy-BKzA1U=6oCnxaXyxdXuPq55pbV6H0mvS4RemJdVA@mail.gmail.com>
To: "Eduardo' Vela" <evn@google.com>
Cc: public-webappsec@w3.org
On Wed, Oct 24, 2012 at 11:18 PM, Eduardo' Vela <evn@google.com> wrote:
> I believe this has been discussed before.
>
> We have found a lot of challenges triaging reports to the point we are
> considering disabling CSP since it's useless as we can't effectively debug
> it, this is very important for large scale applications.
>
> Could it be possible to trigger a CSP DOM event or simply trigger an error
> (which will raise an onerror event).

This sounds like something we should experiment with in CSP 1.1.  We
can try a prototype implementation in WebKit to see how feasible it
is.

Adam
Received on Thursday, 25 October 2012 06:33:24 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 25 October 2012 06:33:25 GMT