Closed Bug 1106775 Opened 5 years ago Closed 5 years ago
character encoding of CSP violation report should be explicitly documented
This is sorta defined in the spec. The spec says: To send violation reports, the user agent MUST use an algorithm equivalent to the following: ... 2. Let report body be the JSON stringification of report object. where "JSON stringification" links to https://w3c.github.io/webappsec/specs/content-security-policy/#json-stringification which says it's defined in RFC 4627. RFC 4627 says, in section 3: JSON text SHALL be encoded in Unicode. The default encoding is UTF-8. I agree it would be nice to make it clearer in the spec what the encoding is. Posted http://lists.w3.org/Archives/Public/public-webappsec/2014Dec/0010.html As for the documentation, I updated <https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Using_CSP_violation_reports> to mention the encoding. Are there other docs you were looking at?
(In reply to Boris Zbarsky [:bz] from comment #1) > This is sorta defined in the spec. The spec says: > > To send violation reports, the user agent MUST use an algorithm equivalent > to the > following: > ... > 2. Let report body be the JSON stringification of report object. > > where "JSON stringification" links to > https://w3c.github.io/webappsec/specs/content-security-policy/#json- > stringification which says it's defined in RFC 4627. > > RFC 4627 says, in section 3: > > JSON text SHALL be encoded in Unicode. The default encoding is > UTF-8. > > I agree it would be nice to make it clearer in the spec what the encoding > is. Posted > http://lists.w3.org/Archives/Public/public-webappsec/2014Dec/0010.html > > As for the documentation, I updated > <https://developer.mozilla.org/en-US/docs/Web/Security/CSP/ > Using_CSP_violation_reports> to mention the encoding. Are there other docs > you were looking at? It seems to be fine fine. I think this bug can be marked as FIXED.
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.