The securitypolicyviolation event is fired when a Content Security Policy is violated.One can listen to that event via the EventTarget.addEventListener() API. The goal is now to expose the onsecuritypolicyviolation IDL attribute from the GlobalEventHandlers interface, so that one can register a listener by attaching this attribute to target elements.
The event is fired on the element that violates the policy and bubbles. It is normally handled by an event handler on the Window or Document object. One can naturally listen to that event via the EventTarget.addEventListener() API. However, web developers are also familiar with the alternative attribute-based form (e.g. element.addEventListener("securitypolicyviolation", ...) Vs on <element.onsecuritypolicyviolation="...">) which is sometimes convenient for quick testing. For consistency with other events, an attribute onsecuritypolicyviolation is thus added.
Final published standard: Recommendation, Living Standard, Candidate Recommendation, or similar final form
Status in Chromium
No active development
Consensus & Standardization
Last updated on 2021-10-28