Closed Bug 548193 Opened 10 years ago Closed 10 years ago
Content Security Policy XML reports have escaping bugs, should probably use JSON anyway
Jonas and I talked this over with sstamm today. The csp-report documents are produced using string concatenation, leading to pretty much inevitable escaping bugs. We all agreed JSON is a better fit anyway. Use the built-in JSON.stringify method to get something correctly escaped. site of bug: http://mxr.mozilla.org/mozilla-central/source/content/base/src/contentSecurityPolicy.js#250
Agreed! XML is a horrible data container format. JSON is much easier to serialize/parse, and is more compact across the wire. Stop the XML madness now!
I'll add a test for the new report format as well.
Attachment #447336 - Flags: review?(jonas)
Attachment #447336 - Flags: review?(jonas) → review+
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.3a5
Version: unspecified → Trunk
You need to log in before you can comment on or make changes to this bug.