Bug 1296027 - CSP: Include 'Source' within error message when logging to the console. r=freddyb,bgrins
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Mon, 19 Sep 2016 10:18:55 +0200
changeset 314391 cc2cbca41195523582e22a3677bce09820c05d3c
parent 314390 a5183ca6cbadc527492427a56c5660c9a80c16fd
child 314392 20fd10d6ef21ef4aa43b88006adf4f4f61d55249
push id20571
push userkwierso@gmail.com
push dateMon, 19 Sep 2016 22:56:59 +0000
treeherderfx-team@671c2af548b2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersfreddyb, bgrins
bugs1296027
milestone51.0a1
Bug 1296027 - CSP: Include 'Source' within error message when logging to the console. r=freddyb,bgrins
dom/security/nsCSPUtils.cpp
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -139,16 +139,28 @@ CSP_LogMessage(const nsAString& aMessage
     return;
   }
 
   // Prepending CSP to the outgoing console message
   nsString cspMsg;
   cspMsg.Append(NS_LITERAL_STRING("Content Security Policy: "));
   cspMsg.Append(aMessage);
 
+  // Currently 'aSourceLine' is not logged to the console, because similar
+  // information is already included within the source link of the message.
+  // For inline violations however, the line and column number are 0 and
+  // information contained within 'aSourceLine' can be really useful for devs.
+  // E.g. 'aSourceLine' might be: 'onclick attribute on DIV element'.
+  // In such cases we append 'aSourceLine' directly to the error message.
+  if (!aSourceLine.IsEmpty()) {
+    cspMsg.Append(NS_LITERAL_STRING(" Source: "));
+    cspMsg.Append(aSourceLine);
+    cspMsg.Append(NS_LITERAL_STRING("."));
+  }
+
   nsresult rv;
   if (aInnerWindowID > 0) {
     nsCString catStr;
     catStr.AssignASCII(aCategory);
     rv = error->InitWithWindowID(cspMsg, aSourceName,
                                  aSourceLine, aLineNumber,
                                  aColumnNumber, aFlags,
                                  catStr, aInnerWindowID);