Re: CSP reports on eval() and inline from Pete Freitag on 2014-09-05 (public-webappsec@w3.org from September 2014)

From: Pete Freitag <pete@foundeo.com>
Date: Fri, 5 Sep 2014 10:28:27 -0400
To: "Hill, Brad" <bhill@paypal.com>
Cc: Neil Matatall <neilm@twitter.com>, Mike West <mkwst@google.com>, Pawel Krawczyk <pawel.krawczyk@hush.com>, "Daniel Veditz <dveditz@mozilla. com>" <dveditz@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAADZ8V5aT0JSo9ByJjNRoy-TcqsA7e2AN7Y+UWvton30VsAweA@mail.gmail.com>

On Thu, Sep 4, 2014 at 2:11 PM, Hill, Brad <bhill@paypal.com> wrote:

> If one implementation is reporting something that users find sane and
> useful, where other implementations aren't reporting anything, documenting
> and converging on the existing useful behavior would be my strongest
> preference.
>

I find the "script-sample" that Firefox sends in CSP reports to be very
useful.

--
Pete Freitag
http://content-security-policy.com/ - CSP Quick Reference

Received on Friday, 5 September 2014 14:35:32 UTC