LGTM2
/Daniel
On 2021-10-21 08:34, Yoav Weiss wrote:
LGTM1 to catch up with other implementations on this.
On Wed, Oct 20, 2021 at 5:41 PM Sonia Singla <[email protected]> wrote:
Contact emails
[email protected],
[email protected]
Explainer:
The securitypolicyviolation event is already implemented in all
browsers; one can find documentation on MDN
(https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers/onsecuritypolicyviolation,
https://developer.mozilla.org/en-US/docs/Web/API/Element/securitypolicyviolation_event).
The securitypolicyviolation event is dispatched when there is
a Content Security Policy
(https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) violation.
Typically, the JS code of the web component will listen to
securitypolicyviolation events and react with necessary updates.
One could just use addEventListener, but for convenience and
consistency with other events (e.g. slotchange) it makes sense to
add an IDL onsecuritypolicyviolation attribute. We recently shipped
the onslotchange IDL attribute as well. See -
https://groups.google.com/a/chromium.org/g/blink-dev/c/cagoIboJ6Oo/m/aCjiL_FBAgAJ
Developers are used to using EventTarget.onload = ... and <element
onload="...">, but if this does not work for all events, it will
be surprising.
Currently, the way to listen to an event is:
target.addEventListener("securitypolicyviolation", mylistener);
After this addition an alternative attribute-based form will be
available for the developers
element
<target onsecuritypolicyviolation="myListener()">
Doc Link(s):
- https://html.spec.whatwg.org/#handler-onsecuritypolicyviolation
- https://github.com/whatwg/html/pull/2651
- https://chromium-review.googlesource.com/c/chromium/src/+/3226366
Specification
https://html.spec.whatwg.org
Summary
The securitypolicyviolation event is fired when a Content Security
Policy is violated. One can listen to that event via the
EventTarget.addEventListener() API. The goal is now to expose the
onsecuritypolicyviolation IDL attribute from the
GlobalEventHandlers interface, so that one can register a listener
by attaching this attribute to target elements.
Blink component
Blink>DOM
Motivation
The securitypolicyviolation event is fired when a Content Security
Policy is violated.
One can naturally listen to that event via the
EventTarget.addEventListener() API. However, web developers are also
familiar with the alternative attribute-based form (e.g.
element.addEventListener("securitypolicyviolation", ...)
vs. <element onsecuritypolicyviolation="...">)
which is sometimes convenient for quick testing. For consistency with
other events, an attribute onsecuritypolicyviolation is thus added.
TAG review
TAG review status
This is a small change to an existing spec implemented in browsers
and discussed at WHATWG -
https://github.com/whatwg/html/pull/2651,
https://github.com/w3c/webappsec-csp/issues/184
Agree that a TAG review is not needed in this case.
Risks
Interoperability and Compatibility
Gecko:
Shipped/Shipping
(https://bugzilla.mozilla.org/show_bug.cgi?id=1727302)
WebKit:
Shipped/Shipping (https://bugs.webkit.org/show_bug.cgi?id=229381)
Web developers:
N/A
Debuggability
No DevTools changes are required, treated like any other
event/attribute.
Is this feature fully tested by web-platform-tests?
Yes
Web Platform Tests:
1. w3c/web-platform-tests/dom/idlharness.window.html
2. w3c/web-platform-tests/html/webappapis/scripting/events/event-handler-all-global-events.html
3. w3c/web-platform-tests/html/webappapis/scripting/events/event-handler-attributes-body-window-expected.txt
4. w3c/web-platform-tests/mathml/relations/html5-tree/math-global-event-handlers.tentative.html
Requires code in //chrome?
False
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1242893
Patch:
https://chromium-review.googlesource.com/c/chromium/src/+/3226366
Estimated milestones
-
Link to entry on the Chrome Platform Status
https://www.chromestatus.com/features/5639484386312192
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/77047bf5-496b-41cc-9cf8-bcc0fcf9562bn%40chromium.org
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/77047bf5-496b-41cc-9cf8-bcc0fcf9562bn%40chromium.org?utm_medium=email&utm_source=footer>.
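A violation collector that uses the onsecuritypolicyviolation IDL attribute when the engine exposes it and falls back to addEventListener otherwise, given here as an added example that is not part of the thread or of Chromium's code. The function names summarizeViolation and watchViolations are hypothetical.

```javascript
// Added example. summarizeViolation and watchViolations are hypothetical names;
// the fields read are standard SecurityPolicyViolationEvent properties.
function summarizeViolation(e) {
  return {
    directive: e.effectiveDirective || e.violatedDirective || "",
    blocked: e.blockedURI || "",
    disposition: e.disposition || "",
    source: e.sourceFile ? `${e.sourceFile}:${e.lineNumber || 0}` : "",
  };
}

function watchViolations(target, sink) {
  const seen = new Set();
  const record = (e) => {
    const v = summarizeViolation(e);
    const key = JSON.stringify(v);
    if (seen.has(key)) return; // a page can fire the same violation many times
    seen.add(key);
    sink(v);
  };
  if ("onsecuritypolicyviolation" in target) {
    // The handler property holds a single function, so chain to whatever
    // was already assigned instead of silently replacing it.
    const previous = target.onsecuritypolicyviolation;
    target.onsecuritypolicyviolation = function (e) {
      if (typeof previous === "function") previous.call(this, e);
      record(e);
    };
    return "attribute";
  }
  // Engines without the IDL attribute still dispatch the event.
  target.addEventListener("securitypolicyviolation", record);
  return "listener";
}

// Browser usage; skipped when no document exists (e.g. under Node).
// The markup form <target onsecuritypolicyviolation="..."> is an inline
// handler, so a policy that disallows inline script blocks it; the
// property assignment used here is not affected.
if (typeof document !== "undefined") {
  watchViolations(document, (v) => console.warn("CSP violation", v));
}
```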