WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
NEW
153162
CSP: Deduplicate violation reports before sending
https://bugs.webkit.org/show_bug.cgi?id=153162
Summary
CSP: Deduplicate violation reports before sending
Daniel Bates
Reported
2016-01-15 15:18:06 PST
We should merge <
https://src.chromium.org/viewvc/blink?view=rev&revision=155708
>. CSP: Deduplicate violation reports before sending. Violation reports should be sent once and only once per page load. If a single line of code generates the same report over and over again, we should attempt to avoid spamming the report server with not-particularly valuable duplicates. For example, if a report-only policy blocks 'eval()', then the following loop would make a sysadmin somewhere quite unhappy: for (i=0;i<Number.MAX_VALUE;i++) eval(...); This patch adds a HashSet<unsigned> to ContentSecurityPolicy, and stores the hash of the stringified violation report. We check that set just before handing things off to PingLoader for delivery. If there's a match, we've already sent the report, and can safely discard it. If not we send the report, then add it to the list. Discussed on
public-webappsec@w3.org
:
http://lists.w3.org/Archives/Public/public-webappsec/2013Aug/0000.html
Attachments
Add attachment
proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1
2016-01-27 20:53:32 PST
<
rdar://problem/24383316
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug