SecurityPolicyViolationEvent
The SecurityPolicyViolationEvent
interface inherits from Event
, and represents the event object of an event sent on a document or worker when its content security policy is violated.
Constructor
SecurityPolicyViolationEvent()
-
Creates a new
SecurityPolicyViolationEvent
object instance.
Instance properties
SecurityPolicyViolationEvent.blockedURI
Read only-
A string representing the URI of the resource that was blocked because it violates a policy.
SecurityPolicyViolationEvent.columnNumber
Read only-
The column number in the document or worker at which the violation occurred.
SecurityPolicyViolationEvent.disposition
Read only-
Indicates how the violated policy is configured to be treated by the user agent. This will be
"enforce"
or"report"
. SecurityPolicyViolationEvent.documentURI
Read only-
A string representing the URI of the document or worker in which the violation was found.
SecurityPolicyViolationEvent.effectiveDirective
Read only-
A string representing the directive whose enforcement uncovered the violation.
SecurityPolicyViolationEvent.lineNumber
Read only-
The line number in the document or worker at which the violation occurred.
SecurityPolicyViolationEvent.originalPolicy
Read only-
A string containing the policy whose enforcement uncovered the violation.
SecurityPolicyViolationEvent.referrer
Read only-
A string representing the URL for the referrer of the resources whose policy was violated, or
null
. SecurityPolicyViolationEvent.sample
Read only-
A string representing a sample of the resource that caused the violation, usually the first 40 characters. This will only be populated if the resource is an inline script, event handler, or style — external resources causing a violation will not generate a sample.
SecurityPolicyViolationEvent.sourceFile
Read only-
If the violation occurred as a result of a script, this will be the URL of the script; otherwise, it will be
null
. BothcolumnNumber
andlineNumber
should have non-null values if this property is notnull
. SecurityPolicyViolationEvent.statusCode
Read only-
A number representing the HTTP status code of the document or worker in which the violation occurred.
SecurityPolicyViolationEvent.violatedDirective
Read only-
A string representing the directive whose enforcement uncovered the violation.
Examples
document.addEventListener("securitypolicyviolation", (e) => {
console.log(e.blockedURI);
console.log(e.violatedDirective);
console.log(e.originalPolicy);
});
Specifications
Specification |
---|
Content Security Policy Level 3 # report-violation |
Browser compatibility
BCD tables only load in the browser