Closed Bug 548193 Opened 15 years ago Closed 14 years ago

Content Security Policy XML reports have escaping bugs, should probably use JSON anyway

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.9.3a5

People

(Reporter: sayrer, Assigned: bsterne)

References

(Blocks 1 open bug)

Details

Attachments

(2 files)

JSON report
(deleted), patch
sicking
: review+
Details | Diff | Splinter Review
test for JSON report
(deleted), patch
Details | Diff | Splinter Review
Jonas and I talked this over with sstamm today. The csp-report documents are produced using string concatenation, leading to pretty much inevitable escaping bugs. We all agreed JSON is a better fit anyway. Use the built-in JSON.stringify method to get something correctly escaped. site of bug: http://mxr.mozilla.org/mozilla-central/source/content/base/src/contentSecurityPolicy.js#250
Assignee: nobody → sstamm
Agreed! XML is a horrible data container format. JSON is much easier to serialize/parse, and is more compact across the wire. Stop the XML madness now!
Blocks: CSP
Assignee: sstamm → bsterne
Attached patch JSON report (deleted) — Splinter Review
I'll add a test for the new report format as well.
Attachment #447336 - Flags: review?(jonas)
Attached patch test for JSON report (deleted) — Splinter Review
http://hg.mozilla.org/mozilla-central/rev/373675ded180 http://hg.mozilla.org/mozilla-central/rev/6ec180ff146f
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Depends on: 569610
Depends on: 597811
Flags: in-testsuite+
Target Milestone: --- → mozilla1.9.3a5
Version: unspecified → Trunk
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: