W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2013

Re: Why no fragment part in CSP-report document-uri?

From: John Wilander <john.wilander@owasp.org>
Date: Wed, 13 Feb 2013 11:26:49 +0100
Message-ID: <CALrECXC4=wSSwePaGdUnWH2zFe5MeYfP5uxu8UTOB6M3Cj+v_A@mail.gmail.com>
To: public-webappsec <public-webappsec@w3.org>
2013/2/13 John Wilander <john.wilander@owasp.org>

> document-uriThe address<http://www.w3.org/TR/html5/dom.html#the-document%27s-address>of the protected resource, with any
> <fragment> <http://www.w3.org/TR/html5/urls.html#url-fragment> component
> removed.


Sorry, I meant the ...
*blocked-uri*URI of the resource that was prevented from loading due to the
policy violation, *with any
<fragment><http://www.w3.org/TR/html5/urls.html#url-fragment>component
removed
*, or the empty string if the resource has no URI (inline script and inline
style, for example).

Still.


   /John

-- 
John Wilander, https://twitter.com/johnwilander
Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee
My music http://www.johnwilander.com & my résumé http://johnwilander.se
Received on Wednesday, 13 February 2013 10:27:16 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 13 February 2013 10:27:17 GMT