Re: Trigger a DOM event/error when a CSP violation happens. from Eduardo' Vela on 2012-10-26 (public-webappsec@w3.org from October 2012)

From: Eduardo' Vela <evn@google.com>
Date: Fri, 26 Oct 2012 16:37:58 -0700
To: Dan Veditz <dveditz@mozilla.com>
Cc: John J Barton <johnjbarton@johnjbarton.com>, Adam Barth <w3c@adambarth.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAFswPa9h9EXqOrRwmM-MCMPKxqdQpP0Mhspwrc00i97Q=d+EXg@mail.gmail.com>

Sure, it's cool to fix the chrome extensions/mozilla addons.

But it would also be nice to have the DOM exception (that's why I created
two threads).

On Fri, Oct 26, 2012 at 4:22 PM, Dan Veditz <dveditz@mozilla.com> wrote:

> On 10/26/12 4:16 PM, Eduardo' Vela wrote:
>
>> If we can't debug the origin of the alert, it's impossible for us to
>> differentiate an attack from a bug like this.
>>
>
> Sure, but you're more likely to get a faster fix for a bug acknowledged by
> both Mozilla and Google than to get a new DOM Event feature added to the
> next revision of the spec when we haven't even published the current
> version.
>
>

Received on Friday, 26 October 2012 23:38:46 UTC