- From: Mike West <mkwst@google.com>
- Date: Sat, 20 Apr 2013 23:21:59 +0200
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Saturday, 20 April 2013 21:22:47 UTC
From https://github.com/blog/1477-content-security-policy:

"Depending on the browser, the report payload can be pretty vague. You're lucky to get a line number (without any offset) on a minified js file when a script triggers a violation. It's usually impossible to tell if the error is happening in your JS or some extension inject code."

Does anyone have any objection to adding column numbers to CSP 1.1's violation reports and securitypolicyviolation events? I don't think it adds anything relevant from a privacy perspective above and beyond line numbers, but it could certainly be useful for detail in minified code.

-mike

--
Mike West <mkwst@google.com>, Developer Advocate
Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
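
An added example, not part of the original message: a report-triage helper showing why a line number alone cannot localize a violation in minified code while a column offset can. The `column-number` field name, the 1-based numbering, the sample bundle, the report contents and the function names are all assumptions made for this illustration.

```javascript
// Constructed sample: a minified bundle, so all code sits on line 1.
const minified =
  'var a=1;function f(x){return x*2}' +
  'var s=document.createElement("script");s.text="track()";' +
  'document.head.appendChild(s);f(a);';

// Build a constructed report body. "column-number" is the field name
// assumed here for the proposed column offset; line and column are 1-based.
function makeReport(line, column) {
  const body = {
    'violated-directive': "script-src 'self'",
    'source-file': 'https://example.test/app.min.js',
    'line-number': line,
  };
  if (column !== undefined) body['column-number'] = column;
  return { 'csp-report': body };
}

// Resolve a report to a source position. Without a usable column, every
// character on the reported line remains a candidate.
function locateViolation(source, report, radius = 20) {
  const body = report['csp-report'] || {};
  const line = body['line-number'];
  const column = body['column-number'];
  const lines = source.split('\n');
  if (!Number.isInteger(line) || line < 1 || line > lines.length) {
    return { precise: false, candidates: source.length, snippet: null };
  }
  const text = lines[line - 1];
  if (!Number.isInteger(column) || column < 1 || column > text.length) {
    return { precise: false, candidates: text.length, snippet: null };
  }
  const at = column - 1;
  const start = Math.max(0, at - radius);
  return {
    precise: true,
    candidates: 1,
    snippet: text.slice(start, Math.min(text.length, at + radius)),
    offset: at - start, // index of the reported column inside snippet
  };
}

const col = minified.indexOf('s.text') + 1;
console.log(locateViolation(minified, makeReport(1)));
console.log(locateViolation(minified, makeReport(1, col)));
```
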