Closed Bug 1934589 Opened 3 months ago Closed 2 months ago

securitypolicyviolation event's linenumber is 0 for `javascript:` URL navigations

Categories

(Core :: DOM: Security, defect, P3)

defect

Tracking

()

RESOLVED FIXED
135 Branch
Tracking Status
firefox135 --- fixed

People

(Reporter: mbrodesser-Igalia, Assigned: mbrodesser-Igalia)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog], [wptsync upstream])

Attachments

(2 files)

Attached file h.html

STR: run the example.

Expected: linenumber is 13
Actual: it's 0

Works in Chrome.

Assignee: nobody → mbrodesser
Summary: securitypolicyviolation event's linenumber is 0 → securitypolicyviolation event's linenumber is 0 for `javascript:` URL navigations

The column number of a violation is not specified [1]. It could for
instance for v = createViolation be 0, 1, 4 or 5.
Hence not adding tests for this. In any case, a non-fixed value might be
more helpful than "1" which was used before this patch.

For line numbers, the desired value is more obvious. The only question
is whether it's zero- or one-based. Here, Chrome's behavior, which is
one-based, is matched with this patch.

[1] https://www.w3.org/TR/CSP3/#create-violation-for-global

Thank you for filing this bug and taking a stab at the fix.

Blocks: csp-w3c-3
Severity: -- → S3
Priority: -- → P3
Whiteboard: [domsecurity-backlog]
Attachment #9441698 - Attachment description: Bug 1934589: Propagate line- and column-numbers to "securitypolicyviolation" events triggered by `javascript:" URL navigations. r=tschuster → Bug 1934589: propagate line- and column-numbers to "securitypolicyviolation" events triggered by `javascript:" URL navigations. r=tschuster
Pushed by mbrodesser@igalia.com: https://hg.mozilla.org/integration/autoland/rev/808e9a785e4c propagate line- and column-numbers to "securitypolicyviolation" events triggered by `javascript:" URL navigations. r=tschuster,smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/49619 for changes under testing/web-platform/tests
Whiteboard: [domsecurity-backlog] → [domsecurity-backlog], [wptsync upstream]
Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 135 Branch
Upstream PR merged by moz-wptsync-bot
Upstream PR merged by moz-wptsync-bot
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: