propagate line- and column-numbers to "securitypolicyviolation" event…

…s triggered by `javascript:" URL navigations. The column number of a violation is not specified [1], [2]. It could for instance for `v = createViolation` be 0, 1, 4 or 5. Hence not adding tests for this. In any case, a non-fixed value might be more helpful than "1" which was used before this patch. For line numbers, the desired value is more obvious, but unspecfied too [3]. Here, Chrome's behavior, which is one-based, is matched. [1] https://www.w3.org/TR/CSP3/#create-violation-for-global [2] w3c/webappsec-csp#452 [3] w3c/webappsec-csp#442 Differential Revision: https://phabricator.services.mozilla.com/D231114 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1934589 gecko-commit: 808e9a785e4c0f34c0bc5cc7eec3686bec3d6cac gecko-reviewers: tschuster, smaug
web-platform-tests · Dec 11, 2024 · 49f0922 · 49f0922
1 parent e2df4d4
commit 49f0922
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/content-security-policy/securitypolicyviolation/linenumber.tentative.html b/content-security-policy/securitypolicyviolation/linenumber.tentative.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="content-security-policy" content="script-src 'self' 'nonce-abc'">
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<script nonce="abc">
+  setup({ single_test: true});
+
+  document.addEventListener("securitypolicyviolation", e => {
+    assert_equals(e.lineNumber, 18);
+    done();
+  });
+
+  location.href = "javascript: causeViolation()";
+</script
+</body>
+</html>
+