Indeed, so I'm making my LGTM2 on the other thread into an LGTM3 on this
thread.
/Daniel
On 2021-10-21 09:08, Yoav Weiss wrote:
LGTM2 to catch up here
(Apparently we have 2 intent emails for this..)
On Thu, Oct 21, 2021 at 3:50 AM TAMURA, Kent <[email protected]> wrote:
LGTM1. It's a small straight-forward change.
On Thu, Oct 21, 2021 at 12:44 AM <[email protected]> wrote:
Contact emails
[email protected], [email protected]
Explainer:
The securitypolicyviolation event is already implemented in all
browsers, one can find document on
MDN(https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers/onsecuritypolicyviolation,
https://developer.mozilla.org/en-US/docs/Web/API/Element/securitypolicyviolation_event).
The securitypolicyviolation event is dispatched when there is
a Content
Security Policy violation. Typically, the JS code of the web
component
will listen to securitypolicyviolation events and react with
necessary
updates.
One could just use addEventListener, but for convenience and
consistency
with other events (e.g. slotchange) it makes sense to add a IDL
onsecuritypolicyviolation attribute which also reflect the
attribute on
elements. We recently shipped slotchange idl attriubte as well
(https://groups.google.com/a/chromium.org/g/blink-dev/c/cagoIboJ6Oo/m/yje1mcIUBAAJ)
Developers are habitual to use EventTarget.onload = ... and
<element
onload="..."> , but if this does not work for all events, it
will be
surprising.
Currently, the way to listen an event is:
target.addEventListener("securitypolicyviolation", mylistener);
After this addition an alternative attribute-based form will be
availlable for the developers
element
<target onsecuritypolicyviolation="myListener()">
Doc Link(s):
- https://html.spec.whatwg.org/#handler-onsecuritypolicyviolation
- https://github.com/whatwg/html/pull/2651
-
https://chromium-review.googlesource.com/c/chromium/src/+/3226366
Specification
https://html.spec.whatwg.org
Summary
The securitypolicyviolation event is fired when a Content Security
Policy is violated.One can listen to that event via the
EventTarget.addEventListener() API. The goal is now to expose the
onsecuritypolicyviolation IDL attribute from the
GlobalEventHandlers
interface, so that one can register a listener by attaching this
attribute to target elements.
Blink component
Blink>DOM
Motivation
The securitypolicyviolation event is fired when a Content Security
Policy is violated.
One can naturally listen to that event via the
EventTarget.addEventListener() API. However, web developers
are also
familiar with the alternative attribute-based form (e.g.
element.addEventListener("securitypolicyviolation
", ...) Vs on <element onsecuritypolicyviolation="...">)
which is sometimes convenient for quick testing. For
consistency with
other events, an attribute onsecuritypolicyviolation is thus
added.
TAG review
TAG review status
This is just a small change to an existing spec implemented in
browsers
and discussed at WHATWG
Risks
Interoperability and Compatibility
Gecko:
Shipped/Shipping
(https://bugzilla.mozilla.org/show_bug.cgi?id=1727302)
WebKit:
Shipped/Shipping (https://bugs.webkit.org/show_bug.cgi?id=229381)
Web developers:
N/A
Debuggability
No DevTools changes are required, treated like any other
event/attribute.
Is this feature fully tested by web-platform-tests?
Yes
Web Platform Tests:
w3c/web-platform-tests/dom/idlharness.window.html
w3c/web-platform-tests/html/webappapis/scripting/events/event-handler-all-global-events.html
w3c/web-platform-tests/html/webappapis/scripting/events/event-handler-attributes-body-window-expected.txt
w3c/web-platform-tests/mathml/relations/html5-tree/math-global-event-handlers.tentative.html
Requires code in //chrome?
False
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1242893
Patch:
https://chromium-review.googlesource.com/c/chromium/src/+/3226366
Estimated milestones
-
Link to entry on the Chrome Platform Status
https://www.chromestatus.com/features/5639484386312192
--
You received this message because you are subscribed to the
Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to [email protected]
<mailto:blink-dev%[email protected]>.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/35dc5869ac062cb1fd0e8d9bca3f05e3%40igalia.com.
--
TAMURA Kent
Software Engineer, Google
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGH7WqFNhQ6QYFP9pyYe3Xtx5LHZdty%3DopoMRWSjy%3DOg-exdtQ%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGH7WqFNhQ6QYFP9pyYe3Xtx5LHZdty%3DopoMRWSjy%3DOg-exdtQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfWfPAMQdB1ncpXmMKcE6CrvpjsjD-fDWooBfYR-_fN1-w%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfWfPAMQdB1ncpXmMKcE6CrvpjsjD-fDWooBfYR-_fN1-w%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/2c35eeda-7928-dad1-2384-a8e5b1908e5f%40gmail.com.
