Contact emails
Explainer:
The securitypolicyviolation event is already implemented in all browsers; one can find documentation on MDN (https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers/onsecuritypolicyviolation, https://developer.mozilla.org/en-US/docs/Web/API/Element/securitypolicyviolation_event). The securitypolicyviolation event is dispatched when there is a Content Security Policy violation. Typically, the JS code of the web component will listen to securitypolicyviolation events and react with necessary updates.
One could just use addEventListener, but for convenience and consistency with other events (e.g. slotchange) it makes sense to add an IDL onsecuritypolicyviolation attribute. We recently shipped the onslotchange IDL attribute as well. See - https://groups.google.com/a/chromium.org/g/blink-dev/c/cagoIboJ6Oo/m/aCjiL_FBAgAJ
Developers are used to using EventTarget.onload = ... and <element onload="...">, but if this does not work for all events, it will be surprising.
Currently, the way to listen to an event is:
target.addEventListener("securitypolicyviolation", mylistener);
After this addition an alternative attribute-based form will be available for the developers
element
<target onsecuritypolicyviolation="myListener()">
Doc Link(s):
- https://html.spec.whatwg.org/#handler-onsecuritypolicyviolation
- https://github.com/whatwg/html/pull/2651
- https://chromium-review.googlesource.com/c/chromium/src/+/3226366
Specification
Summary
The securitypolicyviolation event is fired when a Content Security Policy is violated. One can listen to that event via the EventTarget.addEventListener() API. The goal is now to expose the onsecuritypolicyviolation IDL attribute from the GlobalEventHandlers interface, so that one can register a listener by attaching this attribute to target elements.
Blink component
Blink>DOM
Motivation
The securitypolicyviolation event is fired when a Content Security Policy is violated.
One can naturally listen to that event via the EventTarget.addEventListener() API. However, web developers are also familiar with the alternative attribute-based form (e.g. element.addEventListener("securitypolicyviolation", ...) vs. <element onsecuritypolicyviolation="...">), which is sometimes convenient for quick testing. For consistency with other events, an attribute onsecuritypolicyviolation is thus added.
TAG review
TAG review status
This is a small change to an existing spec implemented in browsers and discussed at WHATWG - https://github.com/whatwg/html/pull/2651, https://github.com/w3c/webappsec-csp/issues/184
Risks
Interoperability and Compatibility
Gecko:
Shipped/Shipping (https://bugzilla.mozilla.org/show_bug.cgi?id=1727302)
WebKit:
Shipped/Shipping (https://bugs.webkit.org/show_bug.cgi?id=229381)
Web developers: N/A
Debuggability
No DevTools changes are required, treated like any other event/attribute.
Is this feature fully tested by web-platform-tests? Yes
Web Platform Tests:
w3c/web-platform-tests/dom/idlharness.window.html
w3c/web-platform-tests/html/webappapis/scripting/events/event-handler-all-global-events.html
w3c/web-platform-tests/html/webappapis/scripting/events/event-handler-attributes-body-window-expected.txt
w3c/web-platform-tests/mathml/relations/html5-tree/math-global-event-handlers.tentative.html
Requires code in //chrome?
False
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1242893
Patch: https://chromium-review.googlesource.com/c/chromium/src/+/3226366
Estimated milestones
-
Link to entry on the Chrome Platform Status
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/35dc5869ac062cb1fd0e8d9bca3f05e3%40igalia.com.
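An added example (not code from this thread or from Chromium) of the two registration forms the message above describes: it sets the onsecuritypolicyviolation IDL attribute when the target exposes it, falls back to addEventListener otherwise, and reduces each violation to a de-duplicated log record. The names summarize, watchCspViolations, FakeTarget and sampleViolation, and all sample values, are constructed for illustration; the script-side property is used because a markup on...="..." handler is inline script, which a policy without 'unsafe-inline' blocks.

```javascript
// Added example. summarize, watchCspViolations, FakeTarget and
// sampleViolation are hypothetical names, not part of any browser API.

// Reduce a SecurityPolicyViolationEvent to the fields worth logging.
function summarize(e) {
  return {
    directive: e.effectiveDirective || e.violatedDirective,
    blocked: e.blockedURI,
    source: e.sourceFile ? `${e.sourceFile}:${e.lineNumber}` : null,
    enforced: e.disposition === "enforce",
  };
}

// Register one de-duplicating handler; returns which registration form was used.
function watchCspViolations(target, sink) {
  const seen = new Set();
  const handler = (e) => {
    const r = summarize(e);
    const key = [r.directive, r.blocked, r.source].join("|");
    if (seen.has(key)) return; // same violation already reported
    seen.add(key);
    sink(r);
  };
  if ("onsecuritypolicyviolation" in target) {
    target.onsecuritypolicyviolation = handler; // replaces any earlier handler
    return "attribute";
  }
  target.addEventListener("securitypolicyviolation", handler);
  return "listener";
}

// Constructed stand-in for a target that exposes the IDL attribute.
class FakeTarget extends EventTarget {
  #h = null;
  get onsecuritypolicyviolation() { return this.#h; }
  set onsecuritypolicyviolation(fn) {
    if (this.#h) this.removeEventListener("securitypolicyviolation", this.#h);
    this.#h = fn;
    if (fn) this.addEventListener("securitypolicyviolation", fn);
  }
}

// Constructed sample event carrying fields a real violation event has.
function sampleViolation(blockedURI) {
  return Object.assign(new Event("securitypolicyviolation"), {
    effectiveDirective: "script-src-elem", blockedURI,
    sourceFile: "https://app.example/index.html", lineNumber: 12,
    disposition: "enforce",
  });
}
```

In a page, pass document (or an element) as the target; because assigning the attribute replaces whatever handler was set before, telemetry that must not be displaced by other scripts is better registered with addEventListener.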
LGTM2
/Daniel
Indeed, so I'm making my LGTM2 on the other thread into an LGTM3 on this thread.
/Daniel
This got 3 LGTMs on a different thread.