From 49f0922390ce7a2fd3bf260aa8cea201645373dd Mon Sep 17 00:00:00 2001 From: Mirko Brodesser Date: Tue, 10 Dec 2024 13:28:09 +0000 Subject: [PATCH] propagate line- and column-numbers to "securitypolicyviolation" events triggered by `javascript:" URL navigations. The column number of a violation is not specified [1], [2]. It could for instance for `v = createViolation` be 0, 1, 4 or 5. Hence not adding tests for this. In any case, a non-fixed value might be more helpful than "1" which was used before this patch. For line numbers, the desired value is more obvious, but unspecfied too [3]. Here, Chrome's behavior, which is one-based, is matched. [1] https://www.w3.org/TR/CSP3/#create-violation-for-global [2] https://github.com/w3c/webappsec-csp/issues/452 [3] https://github.com/w3c/webappsec-csp/issues/442 Differential Revision: https://phabricator.services.mozilla.com/D231114 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1934589 gecko-commit: 808e9a785e4c0f34c0bc5cc7eec3686bec3d6cac gecko-reviewers: tschuster, smaug --- .../linenumber.tentative.html | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 content-security-policy/securitypolicyviolation/linenumber.tentative.html diff --git a/content-security-policy/securitypolicyviolation/linenumber.tentative.html b/content-security-policy/securitypolicyviolation/linenumber.tentative.html new file mode 100644 index 00000000000000..3299a6af2fb289 --- /dev/null +++ b/content-security-policy/securitypolicyviolation/linenumber.tentative.html @@ -0,0 +1,22 @@ + + + + + + + + + + + +