Inline checks in Should navigation request of type be blocked by Content Security Policy? set `blockedURI` to `inline`

[TimvdLippe]

I am implementing navigation CSP checks in Servo atm and https://w3c.github.io/webappsec-csp/#should-block-navigation-request step 3.1.1.4 claims that the resource should be the URL. However, WPT tests verify that inline is the violation resource: https://github.com/web-platform-tests/wpt/blob/5726251d00e45c1ef06b0894dd843a93359c8f13/content-security-policy/navigation/to-javascript-url-script-src.html#L13

I initially implemented it as URL, but changed it to inline now, as all other browsers appear to do the same: https://wpt.fyi/results/content-security-policy/navigation/to-javascript-url-script-src.html?label=experimental&label=master&aligned

Should the resource be set to inline instead?

[antosart]

I guess that was the intention from the beginning, and this is an oversight from #142. I created #720, will wait for others to chime in, but given that all vendors are aligned...