W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2013

Re: Including the Javascript stack trace in the ContentSecurityPolicy report

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Fri, 02 Aug 2013 10:09:49 -0400
Message-ID: <51FBBDAD.8000508@mit.edu>
To: public-webappsec@w3.org
On 8/2/13 9:29 AM, Henry Wong wrote:
> Is there a particular
> reason not to include the stack trace other than that it might not
> always be relevant?

It's a significant burden on implementations to do it, especially 
without killing performance.  Because loads are async, any operation 
that might start a load has to eagerly save the stack trace just in case 
the load will later fail a CSP check...

Received on Friday, 2 August 2013 15:25:12 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:34 UTC