- From: Mike West <mkwst@google.com>
- Date: Thu, 25 Oct 2012 08:58:25 +0200
- To: Adam Barth <w3c@adambarth.com>
- Cc: "Eduardo' Vela" <evn@google.com>, public-webappsec@w3.org
Received on Thursday, 25 October 2012 06:59:14 UTC
Triggering an error is something we should probably be doing anyway. There are a number of bugs in WebKit on exactly this point. I know we're currently triggering an error event for images, but there are a number of other elements where that's not happening. Beyond the error event, are you asking for a new event type for resources blocked by CSP? Do the console warnings not give you enough detail? -- Mike West <mkwst@google.com>, Developer Advocate Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 On Thu, Oct 25, 2012 at 8:31 AM, Adam Barth <w3c@adambarth.com> wrote: > On Wed, Oct 24, 2012 at 11:18 PM, Eduardo' Vela <evn@google.com> wrote: > > I believe this has been discussed before. > > > > We have found a lot of challenges triaging reports to the point we are > > considering disabling CSP since it's useless as we can't effectively > debug > > it, this is very important for large scale applications. > > > > Could it be possible to trigger a CSP DOM event or simply trigger an > error > > (which will raise an onerror event). > > This sounds like something we should experiment with in CSP 1.1. We > can try a prototype implementation in WebKit to see how feasible it > is. > > Adam > >
Received on Thursday, 25 October 2012 06:59:14 UTC