Re: Including the Javascript stack trace in the ContentSecurityPolicy report

On 8/2/13 12:40 PM, Boris Zbarsky wrote:
>> The extra cost only occurs if a violation is detected which is expected
>> to be a rare event.
> The extra cost is that of either forcing CSP checks to be sync under DOM
> mutations or forcing DOM mutations to snapshot JS callstacks.

Oh, and I guess only in the case when there is a CSP.  So one obvious 
optimization for UAs is to continue doing load processing async but 
deoptimize the "has CSP" case by only snapshotting stacks on DOM 
mutations if there is a policy.  Which also seems suboptimal.  :(


Received on Friday, 2 August 2013 16:44:05 UTC