Closed
Bug 1242019
Opened 8 years ago
Closed 8 years ago
Cut off data: URIs within CSP console messages after 40 chars
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla52
Tracking | Status | |
---|---|---|
firefox52 | --- | fixed |
People
(Reporter: ckerschb, Assigned: kmckinley)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
data: URIs can be long and after hearing complaints from several people I think it makes sense to cut off data: URIs after 40 chars within the CSP console message.
Reporter | ||
Updated•8 years ago
|
Blocks: csp-console-logging
Comment 1•8 years ago
|
||
CSP error messaging in FF is largely why I do my CSP testing in Chrome. It would be absolutely fantastic if we could make some improvements in this regards. Thanks!
Assignee | ||
Updated•8 years ago
|
Assignee: nobody → kmckinley
Status: NEW → ASSIGNED
Reporter | ||
Updated•8 years ago
|
Whiteboard: [domsecurity-active]
Comment hidden (mozreview-request) |
Reporter | ||
Comment 3•8 years ago
|
||
mozreview-review |
Comment on attachment 8790454 [details] Bug 1242019 Truncate data URIs in CSP log messages. https://reviewboard.mozilla.org/r/78254/#review76940 r=me if you address my feedback! ::: dom/security/test/csp/test_bug1242019.html:25 (Diff revision 1) > +<script class="testbody" type="text/javascript"> > +// Load locale string during mochitest > +//var stringBundleService = SpecialPowers.Cc["@mozilla.org/intl/stringbundle;1"] > +// .getService(SpecialPowers.Ci.nsIStringBundleService); > +//var localizer = stringBundleService.createBundle("chrome://global/locale/security/csp.properties"); > +//var confusionMsg = localizer.formatStringFromName("hostNameMightBeKeyword", ["SELF", "self"], 2); please remove commented out code if not needed. ::: dom/security/test/csp/test_bug1242019.html:33 (Diff revision 1) > + SpecialPowers.postConsoleSentinel(); > + SimpleTest.finish(); > +}; > + > +// To prevent the test from asserting twice and calling SimpleTest.finish() twice, > +// startTest will be marked false as soon as the confusionMsg is detected. that comment seems wrong, copy/paste? please remove ::: dom/security/test/csp/test_bug1242019.html:34 (Diff revision 1) > + SimpleTest.finish(); > +}; > + > +// To prevent the test from asserting twice and calling SimpleTest.finish() twice, > +// startTest will be marked false as soon as the confusionMsg is detected. > +startTest = false; why do you need the startTest variable? I suppose you can remove it, right? ::: dom/security/test/csp/test_bug1242019.html:39 (Diff revision 1) > +startTest = false; > +SpecialPowers.registerConsoleListener(function ConsoleMsgListener(aMsg) { > + if (startTest) { > + // look for the message with data uri and see it is truncated to 40 chars > + if (aMsg.message.indexOf("Content Security Policy: ") > -1) { > + data_uri = aMsg.message.replace(/^.*(data:\S+)\.{3}.*$/, '$1'); I don't really like that regular expression. Can't you just use the full message within indexOf()? At least you have to add a comment what the replace() function is doing. ::: dom/security/test/csp/test_bug1242019.html:40 (Diff revision 1) > +SpecialPowers.registerConsoleListener(function ConsoleMsgListener(aMsg) { > + if (startTest) { > + // look for the message with data uri and see it is truncated to 40 chars > + if (aMsg.message.indexOf("Content Security Policy: ") > -1) { > + data_uri = aMsg.message.replace(/^.*(data:\S+)\.{3}.*$/, '$1'); > + console.log('uri = ', data_uri); please remove the console.log() ::: dom/security/test/csp/test_bug1242019.html:46 (Diff revision 1) > + ok(data_uri.length <= 40, "Data URI only shows 40 characters in the console"); > + SimpleTest.executeSoon(cleanup); > + } else { > + // don't see the warning yet? wait. > + return; > + } no need for the 'else' branch, right?
Attachment #8790454 -
Flags: review?(ckerschb) → review+
Comment hidden (mozreview-request) |
Comment hidden (mozreview-request) |
Assignee | ||
Updated•8 years ago
|
Keywords: checkin-needed
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/566cc2b60a8c Truncate data URIs in CSP log messages. r=ckerschb
Keywords: checkin-needed
Comment 7•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/566cc2b60a8c
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox52:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
You need to log in
before you can comment on or make changes to this bug.
Description
•