The securitypolicyviolation event is fired when a Content Security Policy is violated.One can listen to that event via the EventTarget.addEventListener() API. The goal is now to expose the onsecuritypolicyviolation IDL attribute from the GlobalEventHandlers interface, so that one can register a listener by attaching this attribute to target elements.

Motivation

The event is fired on the element that violates the policy and bubbles. It is normally handled by an event handler on the Window or Document object. One can naturally listen to that event via the EventTarget.addEventListener() API. However, web developers are also familiar with the alternative attribute-based form (e.g. element.addEventListener("securitypolicyviolation", ...) Vs on <element.onsecuritypolicyviolation="...">) which is sometimes convenient for quick testing. For consistency with other events, an attribute onsecuritypolicyviolation is thus added.

Documentation

Specification

Specification link


Final published standard: Recommendation, Living Standard, Candidate Recommendation, or similar final form

Status in Chromium

Blink>DOM


No active development (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Owners

Last updated on 2021-10-28