- From: Eduardo' Vela <evn@google.com>
- Date: Sat, 20 Apr 2013 19:16:22 -0700
- To: Adam Barth <w3c@adambarth.com>
- Cc: Mike West <mkwst@google.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Received on Sunday, 21 April 2013 02:17:10 UTC
This would be great, I didn't realize there were line errors now. On Sat, Apr 20, 2013 at 4:00 PM, Adam Barth <w3c@adambarth.com> wrote: > If we're sending the line number, I don't see any harm in sending the > column number as well. > > Adam > > > > On Sat, Apr 20, 2013 at 2:21 PM, Mike West <mkwst@google.com> wrote: > >> From https://github.com/blog/1477-content-security-policy: >> >> "Depending on the browser, the report payload can be pretty vague. You're >> lucky to get a line number (without any offset) on a minified js file when >> a script triggers a violation. It's usually impossible to tell if the error >> is happening in your JS or some extension inject code. " >> >> Does anyone have any objection to adding column numbers to CSP 1.1's >> violation reports and securitypolicyviolation events? I don't think it adds >> anything relevant from a privacy perspective above and beyond line numbers, >> but it could certainly be useful for detail in minified code. >> >> -mike >> >> -- >> Mike West <mkwst@google.com>, Developer Advocate >> Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany >> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 >> > >
Received on Sunday, 21 April 2013 02:17:10 UTC