Bug 117286 - Reporting mode of Content Security Policy: eval() is not reported
Summary: Reporting mode of Content Security Policy: eval() is not reported
Status: RESOLVED DUPLICATE of bug 111869
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-06-06 00:59 PDT by masch
Modified: 2015-12-10 17:20 PST (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description masch 2013-06-06 00:59:33 PDT 
Follow-up to bug 111867 which is solved with Chrome 27 (version 27.0.1453.110 m).
Now any usage of eval() isn't reported anymore in reporting-mode (but still blocked in non-reporting-mode).

Example:
<!DOCTYPE html>
<html>
  <meta http-equiv="Content-Security-Policy-Report-Only"   content="default-src 'self' 'unsafe-inline'; report-uri /dummy.html"/>		
  <head>
    <script src="CSP.js"></script>
    <script>
      eval('alert(2);');	
    </script>
  </head>
  <body>
  </body>
</html>

CSP.js:
  eval('alert(1);');
Comment 1 Daniel Bates 2015-12-10 17:20:42 PST 

*** This bug has been marked as a duplicate of bug 111869 ***