Reporting API - tidy up CSPViolationReportBody #35602
My main comment here is to add more useful and concrete examples, showing how we can use this reported information to figure out what went wrong.
```js | ||
const observer = new ReportingObserver( | ||
(reports, observer) => { | ||
console.log(`Disposition: ${reports[0].body.disposition}`); // For example: "enforce" |
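Review bot: `reports[0].body.disposition` in the callback reads only the first entry of `reports`, so further violations delivered in the same batch go unlogged, and nothing in these lines checks that the entry is a CSP violation report before reading `body.disposition`. Consider looping over `reports` and checking `report.type` before logging each one.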
Better not to have lines >80 characters or they get hard-wrapped on MDN.
Thanks. FWIW wrap seems to be about 96 chars on desktop.
Edit: pushed comment to following line.
The **`toJSON()`** method of the {{domxref("CSPViolationReportBody")}} interface is a _serializer_, which returns a JSON representation of the `CSPViolationReportBody` object. | ||
|
||
This is used by the reporting API when creating a serialized version of a violation report to send to a reporting endpoint. |
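Review bot: in the last added sentence, "reporting API" should be capitalized as "Reporting API" to match the name of the API, and "a JSON representation" in the first sentence leaves open whether the method returns an object or a string. Stating the return type explicitly would remove that ambiguity.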
Worth saying somewhere that AFAIK the most common usage for toJSON is to support JSON.stringify()? Maybe also worth having an example that uses JSON.stringify()?
@wbamberg I was going to say no, since you never call this directly. But then you rarely call toJSON directly and that doesn't stop us documenting what it is for. I've modified.
I do have a "confirmation". The docs refer to `toJSON` as a "serializer", and there is a strong implication in many docs that it returns a string - which is a serialized version of the object. If you ask the popular APIs they go further and say that the JSON object returned "is a string, but you could return something else if you wanted".
My understanding is that this is a little bit wrong. The `toJSON()` method does not actually (necessarily) do any serialization and it probably won't return a string (though it can).
What it does is return a "JSON-compatible" representation of the object - one that doesn't have anything that can't be converted into a serialized string of JSON data, such as functions, or data types unsupported by JSON.
So it would be more accurate to refer to returned objects as a "JSON-compatible representation of the object that can be serialized using `JSON.stringify()`" than as a "serializer"?
I'm not sure it matters too much for this case, but it would be good to be clear generally so that the AIs don't confuse people that this must be a string coming out of `toJSON()`.
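The distinction discussed in the comment above, as an added example that is not code from this PR or from MDN. `FakeCSPBody` and `BodyWithoutToJSON` are constructed stand-ins for the browser's `CSPViolationReportBody`, with values exposed through prototype getters the way WebIDL attributes are; the sample values are made up.

```javascript
// Constructed stand-in for a CSP violation report body (not the browser class).
// As with WebIDL attributes, values are getters on the prototype, not own properties.
class FakeCSPBody {
  #data;
  constructor(data) {
    this.#data = data;
  }
  get disposition() { return this.#data.disposition; }
  get effectiveDirective() { return this.#data.effectiveDirective; }
  get blockedURL() { return this.#data.blockedURL; }

  // Returns a plain JSON-compatible object. It does not produce a string.
  toJSON() {
    return {
      disposition: this.disposition,
      effectiveDirective: this.effectiveDirective,
      blockedURL: this.blockedURL,
    };
  }
}

// Same kind of getter, but no toJSON(): JSON.stringify() sees no own
// enumerable properties and has nothing to serialize.
class BodyWithoutToJSON {
  #data;
  constructor(data) {
    this.#data = data;
  }
  get disposition() { return this.#data.disposition; }
}

function demo() {
  // Constructed sample values.
  const sample = {
    disposition: "enforce",
    effectiveDirective: "script-src-elem",
    blockedURL: "https://example.com/x.js",
  };
  const body = new FakeCSPBody(sample);
  // JSON.stringify() calls toJSON() itself, also on nested values.
  const envelope = JSON.stringify({ type: "csp-violation", body });
  return {
    returnedType: typeof body.toJSON(),
    serialized: JSON.stringify(body),
    withoutToJSON: JSON.stringify(new BodyWithoutToJSON(sample)),
    nestedDirective: JSON.parse(envelope).body.effectiveDirective,
  };
}

console.log(demo());
```
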
@wbamberg This is ready for another look. I'm here for (my) Friday and then away for a week, so if you don't get to it by then, there is no urgency. I have added examples as you suggested. They are a little boring and I wish I could make them live examples :-(. But they have been useful as some of the previous explanation was wrong. I was lazy and had copied some of it from https://developer.mozilla.org/en-US/docs/Web/API/SecurityPolicyViolationEvent so that will need to be updated. But that will have to be a post process. I was a bit rushed in the end and have not self-subedited. It should be mostly OK. If you want to wait, I'd still appreciate a scan to check that the example approach makes sense. I followed the live example structure just for convenience, and you might hate it.
Thanks for all your work on this! I had some pretty minor comments. The examples are really helpful IMO - it's hard to explain what e.g. "caused a violation" but the examples make it very clear.
Co-authored-by: wbamberg <[email protected]>
👍 thank you Hamish!
Thanks for all your patience with reviews!
* CSPViolationReportBody docs
* SecurityPolicyViolationEvent - fix crosslinks to CSPViolationReportBody
* Minor fixes to Report API top level
* Code review typo fixes
  Co-authored-by: wbamberg <[email protected]>
* Fix code line lengths
* Apply suggestions from code review
* sample - aggregate the conditions.
* use: that violated the [Content Security Policy (CSP)](/en-US/docs/Web/HTTP/CSP).
* sourceFile example
* Make file, line, column the same(ish)
* OriginalPolicy/sourceFile example
* toJSON - add JSON.stringify()
* Add examples
* Add example for disposition
* Apply suggestions from code review - the easy ones
  Co-authored-by: wbamberg <[email protected]>
* Apply suggestions from code review
  Co-authored-by: wbamberg <[email protected]>
* Apply suggestions from code review
* blockedURL fix
* Apply suggestions from code review - folder from inline to test
* Fix up line numbers etc
* Update files/en-us/web/api/cspviolationreportbody/columnnumber/index.md
* Update files/en-us/web/api/cspviolationreportbody/linenumber/index.md
* Update files/en-us/web/api/cspviolationreportbody/sourcefile/index.md
* Update files/en-us/web/api/cspviolationreportbody/linenumber/index.md
* Update files/en-us/web/api/cspviolationreportbody/columnnumber/index.md

---------

Co-authored-by: wbamberg <[email protected]>
This adds missing property docs for `CSPViolationReportBody`, fixes up cross links to here from `SecurityPolicyViolationEvent`, and fixes the compat statements on the Reporting API top page. It should all be pretty correct, albeit a bit repetitive, because all the examples are the same, and the properties in the event and body are also almost identical.
Related docs work can be tracked in #35279
Fixes #29292