- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Fri, 02 Aug 2013 07:53:56 -0400
- To: public-webappsec@w3.org
On 8/2/13 7:49 AM, Henry Wong wrote:
> I'd like to propose that CSP reports include the Javascript stack trace
> that resulted in loading the forbidden resource (similar to window.onerror).
Can you define "resulted"? For example if I createElement("iframe"),
then set the src, then insert it into the document, which of those
operations "results" in the load?
Note also that load are in many cases triggered asynchronously and can
be coalesced across various DOM mutations, so any implementation of this
might significantly slow down DOM mutations that might result in loads. :(
-Boris
Received on Friday, 2 August 2013 11:54:25 UTC