[webkit-reviews] review canceled: [Bug 97654] XMLHttpRequests blocked by CSP should throw a more descriptive exception. : [Attachment 166042] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Sep 28 11:27:46 PDT 2012
Mike West <mkwst at chromium.org> has canceled Mike West <mkwst at chromium.org>'s
request for review:
Bug 97654: XMLHttpRequests blocked by CSP should throw a more descriptive
exception.
https://bugs.webkit.org/show_bug.cgi?id=97654
Attachment 166042: Patch
https://bugs.webkit.org/attachment.cgi?id=166042&action=review
------- Additional Comments from Mike West <mkwst at chromium.org>
After a conversation on IRC with Adam and Maciej, I'm dropping the review flag
for the moment. The current suggestion is not to expose the additional context
to JavaScript, but to store it on ExceptionBase, and teach the Inspector how to
display it.
This give us the best of both worlds: developers get good error messages, and
attackers don't get any additional information than they're getting already.
More information about the webkit-reviews
mailing list