Closed
Bug 1418246
Opened 7 years ago
Closed 6 years ago
CSP violation: columnNumber
Categories
(Core :: DOM: Security, enhancement, P3)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla63
Tracking | Status | |
---|---|---|
firefox63 | --- | fixed |
People
(Reporter: cfu, Assigned: baku)
References
Details
(Whiteboard: [domsecurity-backlog1][wptsync upstream])
Attachments
(1 file)
78.64 KB,
patch
|
ckerschb
:
review+
|
Details | Diff | Splinter Review |
Now we don't calculate the column number of CSP violation. We would like to support it.
Also the web-platform tests should be updated to test the correct column number because they just assert the columnNumber field to be 0 currently.
Updated•7 years ago
|
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Assignee | ||
Comment 1•6 years ago
|
||
This patch exposes the columnNumber value in any CSP violation event but not when the script/style is inline. This is not done because the HTML5 parser doesn't have this information at the moment.
Assignee: nobody → amarchesini
Attachment #8989209 -
Flags: review?(ckerschb)
Assignee | ||
Comment 2•6 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=32eb7aec1982fac06a41949d07fcec0621353fcd&selectedJob=186001590
It looks green enough. There is a bug in a xpcshell-test but I already fixed it.
Comment 3•6 years ago
|
||
Comment on attachment 8989209 [details] [diff] [review]
csp.patch
Review of attachment 8989209 [details] [diff] [review]:
-----------------------------------------------------------------
Baku, thanks for fixing! r=me
Attachment #8989209 -
Flags: review?(ckerschb) → review+
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/1dea8bb53b30
Return valid columnNumber value in CSP violation events, r=ckerschb
Comment 5•6 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox63:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
Comment 6•6 years ago
|
||
Coverity CID 1437611 suggests that we might have a copy and paste error.
Copy-paste error (COPY_PASTE_ERROR)copy_paste_error: mLineNumber in aViolationEventInit.mLineNumber looks like a copy-paste error.
On this line: https://dxr.mozilla.org/mozilla-central/source/dom/security/nsCSPContext.cpp#1004
Do you confirm that it is a false positive?
Flags: needinfo?(amarchesini)
Assignee | ||
Updated•6 years ago
|
Flags: needinfo?(amarchesini)
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/11827 for changes under testing/web-platform/tests
Whiteboard: [domsecurity-backlog1] → [domsecurity-backlog1][wptsync upstream]
Upstream PR merged
You need to log in
before you can comment on or make changes to this bug.
Description
•