[webkit-reviews] review granted: [Bug 112783] CSP 1.1: Fire a SecurityPolicyViolationEvent when violations occur. : [Attachment 194005] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Mar 21 09:54:43 PDT 2013
Adam Barth <abarth at webkit.org> has granted Mike West <mkwst at chromium.org>'s
request for review:
Bug 112783: CSP 1.1: Fire a SecurityPolicyViolationEvent when violations occur.
https://bugs.webkit.org/show_bug.cgi?id=112783
Attachment 194005: Patch
https://bugs.webkit.org/attachment.cgi?id=194005&action=review
------- Additional Comments from Adam Barth <abarth at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=194005&action=review
> Source/WebCore/page/ContentSecurityPolicy.cpp:1688
> + if (stack) {
prefer early return
> Source/WebCore/page/ContentSecurityPolicy.cpp:1692
> + KURL source = KURL(KURL(), callFrame.sourceURL());
This should probably use the ParsedURLString version of the constructor.
> Source/WebCore/page/ContentSecurityPolicy.cpp:1718
> +
document->enqueueDocumentEvent(SecurityPolicyViolationEvent::create(eventNames(
).securitypolicyviolationEvent, init));
Do, we always fire the event at the document? I guess that's ok. It seems
like it would be better to fire the event at the element that caused the
violation, but I guess there isn't always an element...
More information about the webkit-reviews
mailing list