W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2013

Re: Including the Javascript stack trace in the ContentSecurityPolicy report

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Fri, 02 Aug 2013 10:09:49 -0400
Message-ID: <51FBBDAD.8000508@mit.edu>
To: public-webappsec@w3.org
On 8/2/13 9:29 AM, Henry Wong wrote:
> Is there a particular
> reason not to include the stack trace other than that it might not
> always be relevant?

It's a significant burden on implementations to do it, especially 
without killing performance.  Because loads are async, any operation 
that might start a load has to eagerly save the stack trace just in case 
the load will later fail a CSP check...

Received on Friday, 2 August 2013 15:25:12 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:02 UTC