Re: Column numbers in violation reports.

From: Eduardo' Vela <evn@google.com>
Date: Sat, 20 Apr 2013 19:16:22 -0700
Message-ID: <CAFswPa-bYXHPH5bENhLkgsq6bx7NviLZ0r-3ZhfqVkC0c+C+1Q@mail.gmail.com>
To: Adam Barth <w3c@adambarth.com>
Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>

This would be great, I didn't realize there were line errors now.


On Sat, Apr 20, 2013 at 4:00 PM, Adam Barth <w3c@adambarth.com> wrote:

> If we're sending the line number, I don't see any harm in sending the
> column number as well.
>
> Adam
>
>
>
> On Sat, Apr 20, 2013 at 2:21 PM, Mike West <mkwst@google.com> wrote:
>
>> From https://github.com/blog/1477-content-security-policy:
>>
>> "Depending on the browser, the report payload can be pretty vague. You're
>> lucky to get a line number (without any offset) on a minified js file when
>> a script triggers a violation. It's usually impossible to tell if the error
>> is happening in your JS or some extension inject code. "
>>
>> Does anyone have any objection to adding column numbers to CSP 1.1's
>> violation reports and securitypolicyviolation events? I don't think it adds
>> anything relevant from a privacy perspective above and beyond line numbers,
>> but it could certainly be useful for detail in minified code.
>>
>> -mike
>>
>> --
>> Mike West <mkwst@google.com>, Developer Advocate
>> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany
>> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
>>
>
>
Received on Sunday, 21 April 2013 02:17:10 UTC
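
How a report receiver could use the column number proposed in this thread to pinpoint code in a minified file, as an added example that is not part of the original messages. The keys `source-file`, `line-number` and `column-number` are CSP violation report fields; `locateViolation`, `SOURCES`, the URL and the 1-based numbering are assumptions of the example.

```javascript
// Constructed sample: a one-line minified bundle served from our own origin.
const SOURCES = {
  "https://example.test/app.min.js":
    'var a=1;function b(){return a+1}setTimeout("b()",10);var c=b();'
};

// Locate the code a CSP violation report points at.
// report:  the "csp-report" object from a violation report body.
// sources: map of script URL -> source text for files we serve (hypothetical).
// Assumption: line-number and column-number are 1-based.
function locateViolation(report, sources, context = 12) {
  const file = report["source-file"];
  const text = sources[file];
  if (text === undefined) {
    // Not a file we serve, e.g. code injected by a browser extension.
    return { known: false, file: file || null, precise: false, excerpt: null };
  }
  const line = text.split("\n")[report["line-number"] - 1];
  if (line === undefined) {
    // Line number missing or out of range for this file.
    return { known: true, file, precise: false, excerpt: null };
  }
  const col = report["column-number"];
  if (!Number.isInteger(col) || col < 1 || col > line.length) {
    // Line number only: for a minified file that is the entire bundle.
    return { known: true, file, precise: false, excerpt: line };
  }
  // With a column, cut a small window around the reported offset.
  const start = Math.max(0, col - 1 - context);
  const end = Math.min(line.length, col - 1 + context);
  return { known: true, file, precise: true, excerpt: line.slice(start, end) };
}

// Constructed reports: the same violation with and without a column number,
// and one whose source file is not ours.
const withColumn = { "source-file": "https://example.test/app.min.js",
                     "line-number": 1, "column-number": 33 };
const lineOnly = { "source-file": "https://example.test/app.min.js",
                   "line-number": 1 };
const foreign = { "source-file": "chrome-extension://placeholder/inject.js",
                  "line-number": 4, "column-number": 2 };

console.log(locateViolation(withColumn, SOURCES));
console.log(locateViolation(lineOnly, SOURCES));
console.log(locateViolation(foreign, SOURCES));
```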