Re: Trigger a DOM event/error when a CSP violation happens.

From: Dan Veditz <dveditz@mozilla.com>
Date: Fri, 26 Oct 2012 16:19:54 -0700
Message-ID: <508B1A9A.7010507@mozilla.com>
To: John J Barton <johnjbarton@johnjbarton.com>
CC: Adam Barth <w3c@adambarth.com>, Eduardo' Vela <evn@google.com>, public-webappsec@w3.org

On 10/26/12 4:12 PM, John J Barton wrote:
> On Fri, Oct 26, 2012 at 3:53 PM, Dan Veditz <dveditz@mozilla.com> wrote:
>> privacy principle that user-agent supplied policies do not report violations
>> to the originating server or page content.
>
> Similarly, extension supplied policies should not report. Otherwise
> web pages can probe the user's installed extensions.

I was going for brevity with user-AGENT supplied policies, agnostic to 
whether the UA got the policy directly from the user or (more likely) 
from an extension installed by the user. Sorry if it was unclear.

Received on Friday, 26 October 2012 23:20:24 GMT
