Re: Including the Javascript stack trace in the ContentSecurityPolicy report

On 8/2/13 7:49 AM, Henry Wong wrote:
> I'd like to propose that CSP reports include the Javascript stack trace
> that resulted in loading the forbidden resource (similar to window.onerror).

Can you define "resulted"?  For example if I createElement("iframe"), 
then set the src, then insert it into the document, which of those 
operations "results" in the load?

Note also that load are in many cases triggered asynchronously and can 
be coalesced across various DOM mutations, so any implementation of this 
might significantly slow down DOM mutations that might result in loads.  :(


Received on Friday, 2 August 2013 11:54:25 UTC