Commit 3bbc371

Fix violation's blockedURI for javascript navigations (#720)
SHA: f5d4027 Reason: push, by antosart Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
1 parent 7de7b80 commit 3bbc371

1 file changed, +5 -6 lines changed

index.html

Lines changed: 5 additions & 6 deletions
@@ -7,7 +7,7 @@
77
<link href="https://www.w3.org/StyleSheets/TR/2021/W3C-WD" rel="stylesheet">
88
<meta content="Bikeshed version b25686b9f, updated Fri Mar 14 14:15:20 2025 -0700" name="generator">
99
<link href="https://www.w3.org/TR/CSP3/" rel="canonical">
10-
<meta content="93e3f736cb565e24d06d6d2439426831a17aca28" name="revision">
10+
<meta content="f5d402719986a5def6d913589d92b95a2e608fa9" name="revision">
1111
<meta content="dark light" name="color-scheme">
1212
<link href="https://www.w3.org/StyleSheets/TR/2021/dark.css" media="(prefers-color-scheme: dark)" rel="stylesheet" type="text/css">
1313
<style>
@@ -2014,8 +2014,7 @@ <h4 class="heading settled dfn-paneled algorithm" data-algorithm="Should element
20142014
<li data-md>
20152015
<p>Otherwise, let <var>violation</var> be the result of executing <a href="#create-violation-for-global">§ 2.4.1 Create a violation object for global, policy, and directive</a> on <var>navigation request</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-client" id="ref-for-concept-request-client③">client</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-global" id="ref-for-concept-settings-object-global③">global object</a>, <var>policy</var>, and <var>directive-name</var>.</p>
20162016
<li data-md>
2017-
<p>Set <var>violation</var>’s <a data-link-type="dfn" href="#violation-resource" id="ref-for-violation-resource⑦">resource</a> to <var>navigation
2018-
request</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-url" id="ref-for-concept-request-url③">URL</a>.</p>
2017+
<p>Set <var>violation</var>’s <a data-link-type="dfn" href="#violation-resource" id="ref-for-violation-resource⑦">resource</a> to "<code>inline</code>".</p>
20192018
<li data-md>
20202019
<p>Execute <a href="#report-violation">§ 5.5 Report a violation</a> on <var>violation</var>.</p>
20212020
<li data-md>
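Review bot: The replaced step at new line 2017 sets violation's resource to "inline" unconditionally, and nothing in the visible context restricts this branch to javascript: URLs, which is the only case the commit title covers. Please confirm that the enclosing step is already conditioned on the navigation request's URL being a javascript: URL; if it is not, violations for ordinary navigations would lose their URL in reports. A short note beside the step saying why "inline" is used instead of the request URL would also help implementers, since the step text alone does not say.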
@@ -2074,7 +2073,7 @@ <h4 class="heading settled dfn-paneled algorithm" data-algorithm="Should element
20742073
<p>Otherwise, let <var>violation</var> be the result of executing <a href="#create-violation-for-global">§ 2.4.1 Create a violation object for global, policy, and directive</a> on <var>navigation request</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-client" id="ref-for-concept-request-client④">client</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-global" id="ref-for-concept-settings-object-global④">global object</a>, <var>policy</var>, and <var>directive</var>’s <a data-link-type="dfn" href="#directive-name" id="ref-for-directive-name⑤">name</a>.</p>
20752074
<li data-md>
20762075
<p>Set <var>violation</var>’s <a data-link-type="dfn" href="#violation-resource" id="ref-for-violation-resource⑨">resource</a> to <var>navigation
2077-
request</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-url" id="ref-for-concept-request-url">URL</a>.</p>
2076+
request</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-url" id="ref-for-concept-request-url">URL</a>.</p>
20782077
<li data-md>
20792078
<p>Execute <a href="#report-violation">§ 5.5 Report a violation</a> on <var>violation</var>.</p>
20802079
<li data-md>
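Review bot: The removed line 2077 and the added line 2076 read identically as rendered, so the only difference is something not visible here, most likely the generated suffix on id="ref-for-concept-request-url". The step at 2075-2076 still sets violation's resource to the navigation request's URL; please confirm that leaving it unchanged is intentional now that the earlier step reports "inline", so the two algorithms do not diverge by accident.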
@@ -2558,7 +2557,7 @@ <h3 class="heading settled algorithm" data-algorithm="Report a violation" data-l
25582557
<dt data-md><a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-method" id="ref-for-concept-request-method">method</a>
25592558
<dd data-md>
25602559
<p>"<code>POST</code>"</p>
2561-
<dt data-md><a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-url" id="ref-for-concept-request-url">url</a>
2560+
<dt data-md><a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-url" id="ref-for-concept-request-url">url</a>
25622561
<dd data-md>
25632562
<p><var>violation</var>’s <a data-link-type="dfn" href="#violation-url" id="ref-for-violation-url③">url</a></p>
25642563
<dt data-md><a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-origin" id="ref-for-concept-request-origin">origin</a>
@@ -6404,7 +6403,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
64046403
"d8b963e8": {"dfnID":"d8b963e8","dfnText":"isomorphic decode","external":true,"refSections":[{"refs":[{"id":"ref-for-isomorphic-decode"}],"title":"2.2.1. \n Parse a serialized CSP\n "}],"url":"https://infra.spec.whatwg.org/#isomorphic-decode"},
64056404
"d8fc72f5": {"dfnID":"d8fc72f5","dfnText":"script-like","external":true,"refSections":[{"refs":[{"id":"ref-for-request-destination-script-like"},{"id":"ref-for-request-destination-script-like\u2460"}],"title":"5. \n Reporting\n "},{"refs":[{"id":"ref-for-request-destination-script-like\u2461"}],"title":"6.1.10. script-src"},{"refs":[{"id":"ref-for-request-destination-script-like\u2462"}],"title":"6.7.1.1. \n Script directives pre-request check\n "},{"refs":[{"id":"ref-for-request-destination-script-like\u2463"}],"title":"6.7.1.2. \n Script directives post-request check\n "}],"url":"https://fetch.spec.whatwg.org/#request-destination-script-like"},
64066405
"da63e480": {"dfnID":"da63e480","dfnText":"sandboxed origin browsing context flag","external":true,"refSections":[{"refs":[{"id":"ref-for-sandboxed-origin-browsing-context-flag"}],"title":"6.3.2.1. \n sandbox Initialization\n "}],"url":"https://html.spec.whatwg.org/multipage/browsers.html#sandboxed-origin-browsing-context-flag"},
6407-
"dc1cd39b": {"dfnID":"dc1cd39b","dfnText":"URL (for request)","external":true,"refSections":[{"refs":[{"id":"ref-for-concept-request-url"},{"id":"ref-for-concept-request-url\u2460"}],"title":"2.4.2. \n Create a violation object for request, and policy.\n "},{"refs":[{"id":"ref-for-concept-request-url\u2461"},{"id":"ref-for-concept-request-url\u2462"}],"title":"4.2.4. \n Should navigation request of type be blocked\n by Content Security Policy?\n "},{"refs":[{"id":"ref-for-concept-request-url\u2463"}],"title":"4.2.5. \n Should navigation response to navigation request of type\n in target be blocked by Content Security Policy?\n "},{"refs":[{"id":"ref-for-concept-request-url\u2464"}],"title":"5.5. \n Report a violation\n "}],"url":"https://fetch.spec.whatwg.org/#concept-request-url"},
6406+
"dc1cd39b": {"dfnID":"dc1cd39b","dfnText":"URL (for request)","external":true,"refSections":[{"refs":[{"id":"ref-for-concept-request-url"},{"id":"ref-for-concept-request-url\u2460"}],"title":"2.4.2. \n Create a violation object for request, and policy.\n "},{"refs":[{"id":"ref-for-concept-request-url\u2461"}],"title":"4.2.4. \n Should navigation request of type be blocked\n by Content Security Policy?\n "},{"refs":[{"id":"ref-for-concept-request-url\u2462"}],"title":"4.2.5. \n Should navigation response to navigation request of type\n in target be blocked by Content Security Policy?\n "},{"refs":[{"id":"ref-for-concept-request-url\u2463"}],"title":"5.5. \n Report a violation\n "}],"url":"https://fetch.spec.whatwg.org/#concept-request-url"},
64086407
"dcffbccd": {"dfnID":"dcffbccd","dfnText":"URL","external":true,"refSections":[{"refs":[{"id":"ref-for-concept-url"},{"id":"ref-for-concept-url\u2460"}],"title":"5.2. \n Obtain the blockedURI of a violation\u2019s resource\n "},{"refs":[{"id":"ref-for-concept-url\u2461"}],"title":"5.4. Strip URL for use in reports"},{"refs":[{"id":"ref-for-concept-url\u2462"}],"title":"6.7.2.11. \n port-part matching\n "}],"url":"https://url.spec.whatwg.org/#concept-url"},
64096408
"default-src": {"dfnID":"default-src","dfnText":"default-src","external":false,"refSections":[{"refs":[{"id":"ref-for-default-src"}],"title":"6. \n Content Security Policy Directives\n "},{"refs":[{"id":"ref-for-default-src\u2460"},{"id":"ref-for-default-src\u2461"},{"id":"ref-for-default-src\u2462"},{"id":"ref-for-default-src\u2463"}],"title":"6.1.3. default-src"},{"refs":[{"id":"ref-for-default-src\u2464"}],"title":"8.2. \n Usage of \"'strict-dynamic'\"\n "},{"refs":[{"id":"ref-for-default-src\u2465"},{"id":"ref-for-default-src\u2466"}],"title":"8.6. \n Exfiltration\n "},{"refs":[{"id":"ref-for-default-src\u2467"}],"title":"10.1. \n Directive Registry\n "}],"url":"#default-src"},
64106409
"dictdef-securitypolicyviolationeventinit": {"dfnID":"dictdef-securitypolicyviolationeventinit","dfnText":"SecurityPolicyViolationEventInit","external":false,"refSections":[{"refs":[{"id":"ref-for-dictdef-securitypolicyviolationeventinit"}],"title":"5.1. \n Violation DOM Events\n "}],"url":"#dictdef-securitypolicyviolationeventinit"},

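Review bot: In the "dc1cd39b" entry, section 4.2.4 drops from two refs to one and the ids for 4.2.5 and 5.5 shift down by one (\u2463 to \u2462, \u2464 to \u2463), so any existing deep link to those ref-for-concept-request-url anchors now lands on a different reference. That is expected for Bikeshed output (see the generator meta line in the first hunk), but it means this index.html diff is best reviewed against the source change rather than on its own. The renumbering also accounts for the otherwise no-op lines at 2076 and 2560.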