trusted-types Add WPT that `createPolicy` which violates the `trusted-types` CSP directive fires a violation event for Windows (not Workers)

Add WPT that `createPolicy` which violates the `trusted-types` CSP directive fires a violation event for Windows (not Workers)

Open mbrodesser-Igalia opened this issue 8 months ago • 1 comments

E.g. createPolicy("X"); with trusted-types 'none'".

https://w3c.github.io/trusted-types/dist/spec/#should-block-create-policy doesn't set the violation's element. Hence https://w3c.github.io/webappsec-csp/#report-violation step 3.2 sets target to the document. Step 3.3 fires the event.

CC @lukewarlow, @otherdaniel

Jun 20 '24 13:06 mbrodesser-Igalia

trusted-types trusted-types copied to clipboard

Add WPT that `createPolicy` which violates the `trusted-types` CSP directive fires a violation event for Windows (not Workers)

trusted-types
trusted-types copied to clipboard