Clipping of violation’s sample to the 40 first characters #704
Comments
fred-wang
changed the title
|
WebKit calls StringView::left(40) which calls substring, see https://searchfox.org/wubkat/source/Source/WTF/wtf/text/StringView.h#558 |
Thanks. So I understand that means treating a surrogate pair as 2 characters? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
See
https://w3c.github.io/webappsec-csp/#framework-violation
https://w3c.github.io/webappsec-csp/#should-block-inline
https://w3c.github.io/webappsec-csp/#can-compile-strings
The spec says "the substring of source containing its first 40 characters".
I understand this means a surrogate pair in the violation sample should be treated as a single character, but maybe that needs to be mentioned explicitly and/or to be covered by specific WPT tests.
Currently, Firefox instead just clips the source as UTF-16 string of length 40 which is somehow a bit easier (but has special code to avoid clipping the last character in the middle of a surrogate pair): https://bugzilla.mozilla.org/show_bug.cgi?id=1935996
I wonder what Chromium or WebKit do?
cc @lukewarlow @koto
(incidentally, probably a separate issue but Firefox may also append an ellipsis character to indicate that the content was really clipped)
The text was updated successfully, but these errors were encountered: