Column numbers in violation reports.

From: Mike West <mkwst@google.com>
Date: Sat, 20 Apr 2013 23:21:59 +0200
Message-ID: <CAKXHy=fPVsQoNeJHsAk8ukiPDfJ7daHJ+zu799T=rNNsCFULoQ@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>

From https://github.com/blog/1477-content-security-policy:

"Depending on the browser, the report payload can be pretty vague. You're
lucky to get a line number (without any offset) on a minified js file when
a script triggers a violation. It's usually impossible to tell if the error
is happening in your JS or some extension inject code."

Does anyone have any objection to adding column numbers to CSP 1.1's
violation reports and securitypolicyviolation events? I don't think it adds
anything relevant from a privacy perspective above and beyond line numbers,
but it could certainly be useful for detail in minified code.

-mike

--
Mike West <mkwst@google.com>, Developer Advocate
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
Received on Saturday, 20 April 2013 21:22:47 UTC
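
The two problems raised in the message above (locating a violation inside minified code, and telling site code from extension-injected code) can be illustrated with a small report triage routine. This is an added example, not part of the original message; it assumes the "column-number" report field as later CSP levels defined it, and the origin, file name, bundle contents and helper function names are constructed for illustration.

```javascript
// Added example: triage a CSP violation report using line + column.
// Field names follow the CSP report format ("csp-report" body with
// "source-file", "line-number", "column-number"); all values are constructed.

const EXTENSION_SCHEMES = ["chrome-extension:", "moz-extension:", "safari-extension:"];

// Classify where the violating script lives relative to our own origin.
function classifySource(sourceFile, firstPartyOrigin) {
  if (!sourceFile) return "unknown";
  let url;
  try { url = new URL(sourceFile); } catch { return "unknown"; }
  if (EXTENSION_SCHEMES.includes(url.protocol)) return "extension";
  return url.origin === firstPartyOrigin ? "first-party" : "third-party";
}

// Return a window of source text around a 1-based line/column position.
// Without a column, fall back to the start of the line, which for a
// one-line minified bundle says nothing about where the violation is.
function snippetAt(sourceText, line, column, radius = 20) {
  const lines = sourceText.split("\n");
  if (!Number.isInteger(line) || line < 1 || line > lines.length) return null;
  const text = lines[line - 1];
  if (!Number.isInteger(column) || column < 1) return text.slice(0, radius * 2);
  const idx = Math.min(column - 1, text.length);
  return text.slice(Math.max(0, idx - radius), idx + radius);
}

function triage(reportBody, firstPartyOrigin, sources) {
  const r = JSON.parse(reportBody)["csp-report"] || {};
  const kind = classifySource(r["source-file"], firstPartyOrigin);
  const src = sources[r["source-file"]];
  const snippet = src === undefined ? null : snippetAt(src, r["line-number"], r["column-number"]);
  return { kind, directive: r["violated-directive"], snippet };
}

// Constructed sample: a one-line minified bundle and a report pointing into it.
const MINIFIED = 'var a=1;function b(){return a}b();setTimeout("track()",0);b();';
const SAMPLE_REPORT = JSON.stringify({ "csp-report": {
  "document-uri": "https://app.example/", "violated-directive": "script-src 'self'",
  "blocked-uri": "eval", "source-file": "https://app.example/bundle.min.js",
  "line-number": 1, "column-number": MINIFIED.indexOf("setTimeout") + 1 } });

console.log(triage(SAMPLE_REPORT, "https://app.example",
  { "https://app.example/bundle.min.js": MINIFIED }));
```

With only the line number, the same report resolves to the first characters of the bundle rather than the offending call.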