Closed Bug 1418246 Opened 7 years ago Closed 6 years ago

CSP violation: columnNumber

Categories

(Core :: DOM: Security, enhancement, P3)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla63
Tracking Flags:
Tracking Status
firefox63 --- fixed

People

(Reporter: cfu, Assigned: baku)

References

Details

(Whiteboard: [domsecurity-backlog1][wptsync upstream])

Attachments

(1 file)

csp.patch
78.64 KB, patch
ckerschb
: review+
Details | Diff | Splinter Review
Now we don't calculate the column number of CSP violation. We would like to support it. Also the web-platform tests should be updated to test the correct column number because they just assert the columnNumber field to be 0 currently.
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
No longer blocks: 1037335
Attached patch csp.patchSplinter Review
This patch exposes the columnNumber value in any CSP violation event but not when the script/style is inline. This is not done because the HTML5 parser doesn't have this information at the moment.
Assignee: nobody → amarchesini
Attachment #8989209 - Flags: review?(ckerschb)
https://treeherder.mozilla.org/#/jobs?repo=try&revision=32eb7aec1982fac06a41949d07fcec0621353fcd&selectedJob=186001590 It looks green enough. There is a bug in a xpcshell-test but I already fixed it.
Comment on attachment 8989209 [details] [diff] [review] csp.patch Review of attachment 8989209 [details] [diff] [review]: ----------------------------------------------------------------- Baku, thanks for fixing! r=me
Attachment #8989209 - Flags: review?(ckerschb) → review+
Pushed by amarchesini@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/1dea8bb53b30 Return valid columnNumber value in CSP violation events, r=ckerschb
https://hg.mozilla.org/mozilla-central/rev/1dea8bb53b30
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox63: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
Coverity CID 1437611 suggests that we might have a copy and paste error. Copy-paste error (COPY_PASTE_ERROR)copy_paste_error: mLineNumber in aViolationEventInit.mLineNumber looks like a copy-paste error. On this line: https://dxr.mozilla.org/mozilla-central/source/dom/security/nsCSPContext.cpp#1004 Do you confirm that it is a false positive?
Flags: needinfo?(amarchesini)
Blocks: 1473827
Flags: needinfo?(amarchesini)
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/11827 for changes under testing/web-platform/tests
Whiteboard: [domsecurity-backlog1] → [domsecurity-backlog1][wptsync upstream]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: