Re: Trigger a DOM event/error when a CSP violation happens. from Dan Veditz on 2012-10-26 (public-webappsec@w3.org from October 2012)

From: Dan Veditz <dveditz@mozilla.com>
Date: Fri, 26 Oct 2012 16:19:54 -0700
To: John J Barton <johnjbarton@johnjbarton.com>
CC: Adam Barth <w3c@adambarth.com>, Eduardo' Vela <evn@google.com>, public-webappsec@w3.org
Message-ID: <508B1A9A.7010507@mozilla.com>

On 10/26/12 4:12 PM, John J Barton wrote:
> On Fri, Oct 26, 2012 at 3:53 PM, Dan Veditz <dveditz@mozilla.com> wrote:
>> privacy principal that user-agent supplied policies do not report violations
>> to the originating server or page content.
>
> Similarly, extension supplied policies should not report. Otherwise
> web pages can probe the users installed extensions.

I was going for brevity with user-AGENT supplied policies, agnostic to 
whether the UA got the policy directly from the user or (more likely) 
from an extension installed by the user. Sorry if it was unclear.

Received on Friday, 26 October 2012 23:20:24 UTC