We should merge <https://src.chromium.org/viewvc/blink?view=rev&revision=155708>. CSP: Deduplicate violation reports before sending. Violation reports should be sent once and only once per page load. If a single line of code generates the same report over and over again, we should attempt to avoid spamming the report server with not-particularly valuable duplicates. For example, if a report-only policy blocks 'eval()', then the following loop would make a sysadmin somewhere quite unhappy: for (i=0;i<Number.MAX_VALUE;i++) eval(...); This patch adds a HashSet<unsigned> to ContentSecurityPolicy, and stores the hash of the stringified violation report. We check that set just before handing things off to PingLoader for delivery. If there's a match, we've already sent the report, and can safely discard it. If not we send the report, then add it to the list. Discussed on public-webappsec@w3.org: http://lists.w3.org/Archives/Public/public-webappsec/2013Aug/0000.html
<rdar://problem/24383316>