Contact emails [email protected], [email protected] Explainer: The securitypolicyviolation event is already implemented in all browsers, one can find document on MDN(https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers/onsecuritypolicyviolation, https://developer.mozilla.org/en-US/docs/Web/API/Element/securitypolicyviolation_event). The securitypolicyviolation event is dispatched when there is a Content Security Policy violation. Typically, the JS code of the web component will listen to securitypolicyviolation events and react with necessary updates.
One could just use addEventListener, but for convenience and consistency with other events (e.g. slotchange) it makes sense to add a IDL onsecuritypolicyviolation attribute which also reflect the attribute on elements. We recently shipped slotchange idl attriubte as well (https://groups.google.com/a/chromium.org/g/blink-dev/c/cagoIboJ6Oo/m/yje1mcIUBAAJ) Developers are habitual to use EventTarget.onload = ... and <element onload="..."> , but if this does not work for all events, it will be surprising. Currently, the way to listen an event is: target.addEventListener("securitypolicyviolation", mylistener); After this addition an alternative attribute-based form will be availlable for the developers element <target onsecuritypolicyviolation="myListener()"> Doc Link(s): - https://html.spec.whatwg.org/#handler-onsecuritypolicyviolation - https://github.com/whatwg/html/pull/2651 - https://chromium-review.googlesource.com/c/chromium/src/+/3226366 Specification https://html.spec.whatwg.org Summary The securitypolicyviolation event is fired when a Content Security Policy is violated.One can listen to that event via the EventTarget.addEventListener() API. The goal is now to expose the onsecuritypolicyviolation IDL attribute from the GlobalEventHandlers interface, so that one can register a listener by attaching this attribute to target elements. Blink component Blink>DOM Motivation The securitypolicyviolation event is fired when a Content Security Policy is violated. One can naturally listen to that event via the EventTarget.addEventListener() API. However, web developers are also familiar with the alternative attribute-based form (e.g. element.addEventListener("securitypolicyviolation ", ...) Vs on <element onsecuritypolicyviolation="...">) which is sometimes convenient for quick testing. For consistency with other events, an attribute onsecuritypolicyviolation is thus added. TAG review TAG review status This is just a small change to an existing spec implemented in browsers and discussed at WHATWG Risks Interoperability and Compatibility Gecko: Shipped/Shipping (https://bugzilla.mozilla.org/show_bug.cgi?id=1727302) WebKit: Shipped/Shipping (https://bugs.webkit.org/show_bug.cgi?id=229381) Web developers: N/A Debuggability No DevTools changes are required, treated like any other event/attribute. Is this feature fully tested by web-platform-tests? Yes Web Platform Tests: w3c/web-platform-tests/dom/idlharness.window.html w3c/web-platform-tests/html/webappapis/scripting/events/event-handler-all-global-events.html w3c/web-platform-tests/html/webappapis/scripting/events/event-handler-attributes-body-window-expected.txt w3c/web-platform-tests/mathml/relations/html5-tree/math-global-event-handlers.tentative.html Requires code in //chrome? False Tracking bug https://bugs.chromium.org/p/chromium/issues/detail?id=1242893 Patch: https://chromium-review.googlesource.com/c/chromium/src/+/3226366 Estimated milestones - Link to entry on the Chrome Platform Status https://www.chromestatus.com/features/5639484386312192 -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/35dc5869ac062cb1fd0e8d9bca3f05e3%40igalia.com.
