Closed Bug 548193 Opened 10 years ago Closed 10 years ago

Content Security Policy XML reports have escaping bugs, should probably use JSON anyway

Categories

(Core :: DOM: Core & HTML, defect)

x86
macOS
defect
Not set

Tracking

()

RESOLVED FIXED
mozilla1.9.3a5

People

(Reporter: sayrer, Assigned: bsterne)

References

(Blocks 1 open bug)

Details

Attachments

(2 files)

Jonas and I talked this over with sstamm today. The csp-report documents are produced using string concatenation, leading to pretty much inevitable escaping bugs. We all agreed JSON is a better fit anyway. Use the built-in JSON.stringify method to get something correctly escaped.

site of bug:

http://mxr.mozilla.org/mozilla-central/source/content/base/src/contentSecurityPolicy.js#250
Assignee: nobody → sstamm
Agreed! XML is a horrible data container format. JSON is much easier to serialize/parse, and is more compact across the wire.

Stop the XML madness now!
Blocks: CSP
Assignee: sstamm → bsterne
Attached patch JSON reportSplinter Review
I'll add a test for the new report format as well.
Attachment #447336 - Flags: review?(jonas)
http://hg.mozilla.org/mozilla-central/rev/373675ded180
http://hg.mozilla.org/mozilla-central/rev/6ec180ff146f
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Depends on: 569610
Depends on: 597811
Flags: in-testsuite+
Target Milestone: --- → mozilla1.9.3a5
Version: unspecified → Trunk
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.