Closed Bug 1727302 Opened 3 years ago Closed 3 years ago

Add onsecuritypolicyviolation event handler

Categories

(Core :: DOM: Core & HTML, enhancement, P3)

RESOLVED FIXED
93 Branch
Tracking Status
firefox93 --- fixed

People

(Reporter: soniasingla, Assigned: soniasingla)

Details

(Keywords: dev-doc-complete)

Attachments

(1 file)

See: https://github.com/whatwg/html/pull/2651

WebKit has started adding it; it would be nice to have it in Firefox too.

WebKit bug: https://bugs.webkit.org/show_bug.cgi?id=229381

I am working on it.

Assignee: nobody → soniasingla.1812
Priority: -- → P3
Severity: -- → S3
Pushed by opettay@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e7459f43c367
Add onsecuritypolicyviolation event handler. r=smaug
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 93 Branch

I'm adding docs for this in FF93, which you can track in https://github.com/mdn/content/issues/8614

From what I can see, and basic testing, this adds a global onsecuritypolicyviolation event handler. I think this means that you can now use onsecuritypolicyviolation on window or document or any other element. Before this change on Firefox you couldn't use onsecuritypolicyviolation at all (though you could use addEventListener on document or Window). Is that about right?

The spec says "The following event handler content attributes may be specified on any HTML element:". However I wrote some test code and found that a handler added to <p> or <img> using onsecuritypolicyviolation does not seem to be fired - while it is for Document or Window. My test shows that the method is not undefined (using typeof) so presumably it exists.

Perhaps this is because of the nature of the API. If you add the handler before the HTML is loaded (before a violation) presumably the element is null - and so you won't be able to add the handler. If you add a script after HTML has loaded the violation has already occurred, so you won't see the event at all. In other words it feels like even though you can add this to elements, you will never actually see it fired if you do. Does that make sense?

Is there any more "specialness" to this?

Flags: needinfo?(soniasingla.1812)

@Hamish Are you able to get the handler fired if you register it on <p> or <img> via addEventListener instead of an onsecuritypolicyviolation IDL/content attribute?

Flags: needinfo?(hamishwillee)

@fredw No.

Note that if I load scripts before the HTML has loaded, the p and img are null - so that fails. If I add them after they have loaded, the event has already been fired, so I don't get the handler called. I guess it works for the window because that exists before the event fires.

Flags: needinfo?(hamishwillee)

@Hamish: OK, I guess that's expected then. The new attributes should behave the same as addEventListener. (Note that WPT tests just rely on EventTarget.dispatchEvent to emulate an event.)

I guess it is. Though it feels a bit odd, and of course I worry my test code is wrong. I'll add a note in the docs to highlight the case.

FYI work for this is essentially complete, though will be going through review. You can track in https://github.com/mdn/content/issues/8614#issuecomment-913969124. I have added dev-doc-complete.

Thank you for your help Frédéric.

Flags: needinfo?(soniasingla.1812)
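
The registration-timing behaviour discussed in the comments above, as an added example that is not part of the bug report or of Firefox's code. It emulates violations with EventTarget.dispatchEvent, as the thread says the WPT tests do; a plain EventTarget stands in for `document`, and the helper names and sample violation fields are constructed for illustration.

```javascript
// Added example. `doc` is a plain EventTarget standing in for `document`;
// helper names and the sample violations below are constructed.

// Attach a collector for securitypolicyviolation events. addEventListener is
// used here; the thread notes the new on* attribute should behave the same way.
function collectViolations(target) {
  const log = [];
  target.addEventListener("securitypolicyviolation", (e) => {
    log.push({ directive: e.violatedDirective, blocked: e.blockedURI });
  });
  return log;
}

// Emulate a violation with a synthetic event and dispatchEvent.
function emulateViolation(target, fields) {
  const e = new Event("securitypolicyviolation", { bubbles: true });
  Object.assign(e, fields); // attach the constructed report fields
  target.dispatchEvent(e);
}

function demo() {
  const doc = new EventTarget();

  // Collector registered before anything can violate the policy.
  const early = collectViolations(doc);

  emulateViolation(doc, {
    violatedDirective: "img-src",
    blockedURI: "https://img.example/blocked.png", // constructed
  });

  // Collector registered after the first violation: that event is gone,
  // events are not replayed to handlers added later.
  const late = collectViolations(doc);

  emulateViolation(doc, {
    violatedDirective: "script-src",
    blockedURI: "https://cdn.example/blocked.js", // constructed
  });

  return { early, late };
}

console.log(demo());
```

For monitoring a policy, this means the collector belongs on a target that exists before content is parsed, such as `document` or `window`.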