The securitypolicyviolation event is fired when a Content Security Policy is violated.One can listen to that event via the EventTarget.addEventListener() API. The goal is now to expose the onsecuritypolicyviolation IDL attribute from the GlobalEventHandlers interface, so that one can register a listener by attaching this attribute to target elements.

Motivation

The event is fired on the element that violates the policy and bubbles. It is normally handled by an event handler on the Window or Document object. One can naturally listen to that event via the EventTarget.addEventListener() API. However, web developers are also familiar with the alternative attribute-based form (e.g. element.addEventListener("securitypolicyviolation", ...) Vs on <element.onsecuritypolicyviolation="...">) which is sometimes convenient for quick testing. For consistency with other events, an attribute onsecuritypolicyviolation is thus added.

Documentation

• https://html.spec.whatwg.org/#handler-onsecuritypolicyviolation
• https://github.com/whatwg/html/pull/2651
• https://chromium-review.googlesource.com/c/chromium/src/+/3226366

Specification

Specification link

Status: Final published standard: Recommendation, Living Standard, Candidate Recommendation, or similar final form

Status in Chromium

Blink components: Blink>DOM

Implementation status: No active development (tracking bug)

Consensus & Standardization

• Firefox: Shipped/Shipping
• Safari: Shipped/Shipping
• Web Developers: No signals

Owners

• ssingla@igalia.com
• fwang@chromium.org

Last updated on 2021-10-28