[webkit-reviews] review granted: [Bug 235602] CSP: Clean up effective-violation handling in reports : [Attachment 450136] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jan 27 08:50:11 PST 2022
Kate Cheney <katherine_cheney at apple.com> has granted Patrick Griffis
<pgriffis at igalia.com>'s request for review:
Bug 235602: CSP: Clean up effective-violation handling in reports
https://bugs.webkit.org/show_bug.cgi?id=235602
Attachment 450136: Patch
https://bugs.webkit.org/attachment.cgi?id=450136&action=review
--- Comment #7 from Kate Cheney <katherine_cheney at apple.com> ---
Comment on attachment 450136
--> https://bugs.webkit.org/attachment.cgi?id=450136
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=450136&action=review
r=me once EWS is happy.
> Source/WebCore/page/csp/ContentSecurityPolicy.cpp:74
> + // Normalize script-src and style-src for logs as its generally what
developers use
nit: missing a period at the end of this comment.
> Source/WebCore/page/csp/ContentSecurityPolicy.cpp:75
> + if
(violatedDirective.nameForReporting().startsWith(ContentSecurityPolicyDirective
Names::scriptSrc))
you could remove the else statements and have fewer lines of code if you do
something like:
String name = violatedDirective.nameForReporting();
if
(violatedDirective.nameForReporting().startsWith(ContentSecurityPolicyDirective
Names::scriptSrc))
name = ContentSecurityPolicyDirectiveNames::scriptSrc;
if
(violatedDirective.nameForReporting().startsWith(ContentSecurityPolicyDirective
Names::styleSrc))
name = ContentSecurityPolicyDirectiveNames::styleSrc;
> Source/WebCore/page/csp/ContentSecurityPolicy.cpp:809
> + violationEventInit.violatedDirective = effectiveViolatedDirective; //
Historical alias to effectiveDirective:
https://www.w3.org/TR/CSP3/#violation-events
nit: comment is missing a period.
More information about the webkit-reviews
mailing list