W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2012

Re: Trigger a DOM event/error when a CSP violation happens.

From: Dan Veditz <dveditz@mozilla.com>
Date: Fri, 26 Oct 2012 16:07:26 -0700
Message-ID: <508B17AE.9060008@mozilla.com>
To: Eduardo' Vela <evn@google.com>
CC: Adam Barth <w3c@adambarth.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On 10/26/12 4:04 PM, Eduardo' Vela wrote:
> We have manually looked into some of them and they are usually
> addons/extensions

That's a bug that Firefox and Chrome both need to fix.

> (when they aren't, they are things like copy-pasting
> an image into a wysiwyg field).

I don't know how to fix that off-hand, but it shouldn't be a huge flood. 
Should be qualitatively different from an attack.

-Dan Veditz
Received on Friday, 26 October 2012 23:07:58 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 26 October 2012 23:07:58 GMT