Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider recommending the usage of events instead of CSP reports for CSP WPTs #690

Open
mbrodesser-Igalia opened this issue Nov 19, 2024 · 0 comments
Open

Consider recommending the usage of events instead of CSP reports for CSP WPTs #690

mbrodesser-Igalia opened this issue Nov 19, 2024 · 0 comments
Labels
editorial Changes that do not affect how the standard is understood

Comments

@mbrodesser-Igalia
Copy link

1 mentions to check reports to determine whether CSPs prevented script from running. 1 existed already in the year 2017, when securitypolicyviolation events weren't supported 2 by all major browser engines.
Using such events seems simpler for some test scenarios.

Footnotes

  1. https://searchfox.org/mozilla-central/rev/6050bf4eca89956c9d91bfd89fa59294ae32a689/testing/web-platform/tests/content-security-policy/README.html#29-30 2

  2. https://developer.mozilla.org/en-US/docs/Web/API/Element/securitypolicyviolation_event#browser_compatibility

@qabandi qabandi added the editorial Changes that do not affect how the standard is understood label Jan 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
editorial Changes that do not affect how the standard is understood
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@qabandi @mbrodesser-Igalia