LGTM1 to catch up with other implementations on this.
On Wed, Oct 20, 2021 at 5:41 PM Sonia Singla <ssin...@igalia.com> wrote: > Contact emails > > ssin...@igalia.com, > > fw...@chromium.org > > Explainer: > > The securitypolicyviolation event is already implemented in all browsers, > one can find document on MDN( > https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers/onsecuritypolicyviolation, > > https://developer.mozilla.org/en-US/docs/Web/API/Element/securitypolicyviolation_event). > The securitypolicyviolation event is dispatched when there is a Content > Security Policy <https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP> > violation. Typically, the JS code of the web component will listen to > securitypolicyviolation events and react with necessary updates. > > One could just use addEventListener, but for convenience and consistency > with other events (e.g. slotchange) it makes sense to add a IDL > onsecuritypolicyviolation attribute.We recently shipped onslotchange idl > attribute as well. See - > https://groups.google.com/a/chromium.org/g/blink-dev/c/cagoIboJ6Oo/m/aCjiL_FBAgAJ > > Developers are used to use EventTarget.onload = ... and <element > onload="..."> , but if this does not work for all events, it will be > surprising. > > Currently, the way to listen an event is: > > target.addEventListener("securitypolicyviolation", mylistener); > > After this addition an alternative attribute-based form will be > > availlable for the developers > > element > > <target onsecuritypolicyviolation="myListener()"> > Doc Link(s): > > - https://html.spec.whatwg.org/#handler-onsecuritypolicyviolation > <https://html.spec.whatwg.org/#handler-onsecuritypolicyviolation> > > - https://github.com/whatwg/html/pull/2651 > <https://github.com/whatwg/html/pull/2651> > > - https://chromium-review.googlesource.com/c/chromium/src/+/3226366 > <https://chromium-review.googlesource.com/c/chromium/src/+/3226366> > > Specification > > https://html.spec.whatwg.org > > Summary > > The securitypolicyviolation event is fired when a Content Security Policy > is violated.One can listen to that event via the > EventTarget.addEventListener() API. The goal is now to expose the > onsecuritypolicyviolation IDL attribute from the GlobalEventHandlers > interface, so that one can register a listener by attaching this attribute > to target elements. > > Blink component > > Blink>DOM > > Motivation > > The securitypolicyviolation event is fired when a Content Security Policy > is violated. > > One can naturally listen to that event via the > > EventTarget.addEventListener() API. However, web developers are also > > familiar with the alternative attribute-based form (e.g. > > element.addEventListener("securitypolicyviolation > > ", ...) Vs on <element onsecuritypolicyviolation="...">) > > which is sometimes convenient for quick testing. For consistency with > > other events, an attribute onsecuritypolicyviolation is thus added. > > TAG review > > TAG review status > > This is asmall change to an existing spec implemented in browsers and > discussed at WHATWG - https://github.com/whatwg/html/pull/2651, > https://github.com/w3c/webappsec-csp/issues/184 > Agree that a TAG review is not needed in this case. > > Risks > > Interoperability and Compatibility > > Gecko: > > Shipped/Shipping (https://bugzilla.mozilla.org/show_bug.cgi?id=1727302) > > WebKit: > > Shipped/Shipping (https://bugs.webkit.org/show_bug.cgi?id=229381) > Web developers: > > N/A > > Debuggability > > No DevTools changes are required, treated like any other event/attribute. > Is this feature fully tested by web-platform-tests? > > Yes > Web Platform Tests: > > 1. > > w3c/web-platform-tests/dom/idlharness.window.html > 2. > > > > w3c/web-platform-tests/html/webappapis/scripting/events/event-handler-all-global-events.html > 3. > > > > w3c/web-platform-tests/html/webappapis/scripting/events/event-handler-attributes-body-window-expected.txt > 4. > > > > w3c/web-platform-tests/mathml/relations/html5-tree/math-global-event-handlers.tentative.html > > Requires code in //chrome? > > False > > Tracking bug > > https://bugs.chromium.org/p/chromium/issues/detail?id=1242893 > Patch: > > https://chromium-review.googlesource.com/c/chromium/src/+/3226366 > > Estimated milestones > > - > > Link to entry on the Chrome Platform Status > > https://www.chromestatus.com/features/5639484386312192 > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/77047bf5-496b-41cc-9cf8-bcc0fcf9562bn%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/77047bf5-496b-41cc-9cf8-bcc0fcf9562bn%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAL5BFfXxjXF0Em%3Dx425ZvhsEWjHvKheSrZ7ZUjqdk4%2B4N-kH0Q%40mail.gmail.com.