Re: Column numbers in violation reports.

If we're sending the line number, I don't see any harm in sending the
column number as well.

Adam



On Sat, Apr 20, 2013 at 2:21 PM, Mike West <mkwst@google.com> wrote:

> From https://github.com/blog/1477-content-security-policy:
>
> "Depending on the browser, the report payload can be pretty vague. You're
> lucky to get a line number (without any offset) on a minified js file when
> a script triggers a violation. It's usually impossible to tell if the error
> is happening in your JS or some extension inject code. "
>
> Does anyone have any objection to adding column numbers to CSP 1.1's
> violation reports and securitypolicyviolation events? I don't think it adds
> anything relevant from a privacy perspective above and beyond line numbers,
> but it could certainly be useful for detail in minified code.
>
> -mike
>
> --
> Mike West <mkwst@google.com>, Developer Advocate
> Google Germany GmbH, Dienerstrasse 12, 80331 M�nchen, Germany
> Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91
>

Received on Saturday, 20 April 2013 23:01:55 UTC