W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2013

Re: SecurityPolicyViolation DOM events.

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 20 Mar 2013 09:14:03 -0400
Message-ID: <CADnb78jCFQh+WXeh5DQGbefNmvmvNj0jyWPKjv=maV9YbF601w@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>, "dveditz@mozilla.com" <dveditz@mozilla.com>, Adam Barth <w3c@adambarth.com>, "Hill, Brad" <bhill@paypal-inc.com>
On Tue, Mar 19, 2013 at 10:29 AM, Mike West <mkwst@google.com> wrote:
> I've updated the spec in
> https://dvcs.w3.org/hg/content-security-policy/rev/06d7091e7531 and
> https://dvcs.w3.org/hg/content-security-policy/rev/5ad7f5b58dc0. Hopefully
> that makes things a little less vague and strange. Thanks again, Anne, for
> the pointers!

So it's completely unclear when this event is dispatched. What task
source is used, how does it relate to other events that fire when the
violation occurs, etc.

I have the feeling the right long term solution is tight integration
with http://fetch.spec.whatwg.org/ to solve problems such as this. I
don't have an immediate suggestion on how to fix this, but I think we
should at least point out in the specification that this is not
considered.


-- 
http://annevankesteren.nl/
Received on Wednesday, 20 March 2013 13:14:34 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC