From f15238d6fd46ea6ca6bec21d47b2ea9707085d9a Mon Sep 17 00:00:00 2001 From: Tiger Oakes Date: Fri, 2 Jul 2021 08:14:04 +0000 Subject: [PATCH] Fixes #1030 - Add CSP disposition field --- baselines/dom.generated.d.ts | 34 +++++++++++--- baselines/webworker.generated.d.ts | 37 +++++++++++++++ inputfiles/idl/Content Security Policy.widl | 50 +++++++++++++++++++++ inputfiles/idlSources.json | 4 ++ 4 files changed, 120 insertions(+), 5 deletions(-) create mode 100644 inputfiles/idl/Content Security Policy.widl diff --git a/baselines/dom.generated.d.ts b/baselines/dom.generated.d.ts index 1a8c1c6ee..1a40dab63 100644 --- a/baselines/dom.generated.d.ts +++ b/baselines/dom.generated.d.ts @@ -1693,14 +1693,16 @@ interface ScrollToOptions extends ScrollOptions { interface SecurityPolicyViolationEventInit extends EventInit { blockedURI?: string; columnNumber?: number; - documentURI?: string; - effectiveDirective?: string; + disposition: SecurityPolicyViolationEventDisposition; + documentURI: string; + effectiveDirective: string; lineNumber?: number; - originalPolicy?: string; + originalPolicy: string; referrer?: string; + sample?: string; sourceFile?: string; - statusCode?: number; - violatedDirective?: string; + statusCode: number; + violatedDirective: string; } interface ShadowRootInit { 
@@ -2620,6 +2622,25 @@ declare var CDATASection: { new(): CDATASection; }; +interface CSPViolationReportBody extends ReportBody { + readonly blockedURL: string | null; + readonly columnNumber: number | null; + readonly disposition: SecurityPolicyViolationEventDisposition; + readonly documentURL: string; + readonly effectiveDirective: string; + readonly lineNumber: number | null; + readonly originalPolicy: string; + readonly referrer: string | null; + readonly sample: string | null; + readonly sourceFile: string | null; + readonly statusCode: number; +} + +declare var CSPViolationReportBody: { + prototype: CSPViolationReportBody; + new(): CSPViolationReportBody; +}; + /** A single condition CSS at-rule, which consists of a condition and a statement block. It is a child of CSSGroupingRule. */ interface CSSConditionRule extends CSSGroupingRule { conditionText: string; @@ -14660,11 +14681,13 @@ declare var ScriptProcessorNode: { interface SecurityPolicyViolationEvent extends Event { readonly blockedURI: string; readonly columnNumber: number; + readonly disposition: SecurityPolicyViolationEventDisposition; readonly documentURI: string; readonly effectiveDirective: string; readonly lineNumber: number; readonly originalPolicy: string; readonly referrer: string; + readonly sample: string; readonly sourceFile: string; readonly statusCode: number; readonly violatedDirective: string; @@ -19833,6 +19856,7 @@ type ScrollBehavior = "auto" | "smooth"; type ScrollLogicalPosition = "center" | "end" | "nearest" | "start"; type ScrollRestoration = "auto" | "manual"; type ScrollSetting = "" | "up"; +type SecurityPolicyViolationEventDisposition = "enforce" | "report"; type SelectionMode = "end" | "preserve" | "select" | "start"; type ServiceWorkerState = "activated" | "activating" | "installed" | "installing" | "parsed" | "redundant"; type ServiceWorkerUpdateViaCache = "all" | "imports" | "none"; 
diff --git a/baselines/webworker.generated.d.ts b/baselines/webworker.generated.d.ts index 5aef7c809..3b89d998f 100644 --- a/baselines/webworker.generated.d.ts +++ b/baselines/webworker.generated.d.ts @@ -501,6 +501,21 @@ interface RsaPssParams extends Algorithm { saltLength: number; } +interface SecurityPolicyViolationEventInit extends EventInit { + blockedURI?: string; + columnNumber?: number; + disposition: SecurityPolicyViolationEventDisposition; + documentURI: string; + effectiveDirective: string; + lineNumber?: number; + originalPolicy: string; + referrer?: string; + sample?: string; + sourceFile?: string; + statusCode: number; + violatedDirective: string; +} + interface StorageEstimate { quota?: number; usage?: number; @@ -2851,6 +2866,27 @@ declare var Response: { redirect(url: string, status?: number): Response; }; +/** Inherits from Event, and represents the event object of an event sent on a document or worker when its content security policy is violated. */ +interface SecurityPolicyViolationEvent extends Event { + readonly blockedURI: string; + readonly columnNumber: number; + readonly disposition: SecurityPolicyViolationEventDisposition; + readonly documentURI: string; + readonly effectiveDirective: string; + readonly lineNumber: number; + readonly originalPolicy: string; + readonly referrer: string; + readonly sample: string; + readonly sourceFile: string; + readonly statusCode: number; + readonly violatedDirective: string; +} + +declare var SecurityPolicyViolationEvent: { + prototype: SecurityPolicyViolationEvent; + new(type: string, eventInitDict?: SecurityPolicyViolationEventInit): SecurityPolicyViolationEvent; +}; + interface ServiceWorkerEventMap extends AbstractWorkerEventMap { "statechange": Event; } 
@@ -5983,6 +6019,7 @@ type RequestMode = "cors" | "navigate" | "no-cors" | "same-origin"; type RequestRedirect = "error" | "follow" | "manual"; type ResizeQuality = "high" | "low" | "medium" | "pixelated"; type ResponseType = "basic" | "cors" | "default" | "error" | "opaque" | "opaqueredirect"; +type SecurityPolicyViolationEventDisposition = "enforce" | "report"; type ServiceWorkerState = "activated" | "activating" | "installed" | "installing" | "parsed" | "redundant"; type ServiceWorkerUpdateViaCache = "all" | "imports" | "none"; type VisibilityState = "hidden" | "visible"; diff --git a/inputfiles/idl/Content Security Policy.widl b/inputfiles/idl/Content Security Policy.widl new file mode 100644 index 000000000..0dc8193b0 --- /dev/null +++ b/inputfiles/idl/Content Security Policy.widl 
@@ -0,0 +1,50 @@
+[Exposed=Window]
+interface CSPViolationReportBody : ReportBody {
+ readonly attribute USVString documentURL;
+ readonly attribute USVString? referrer;
+ readonly attribute USVString? blockedURL;
+ readonly attribute DOMString effectiveDirective;
+ readonly attribute DOMString originalPolicy;
+ readonly attribute USVString? sourceFile;
+ readonly attribute DOMString? sample;
+ readonly attribute SecurityPolicyViolationEventDisposition disposition;
+ readonly attribute unsigned short statusCode;
+ readonly attribute unsigned long? lineNumber;
+ readonly attribute unsigned long? columnNumber;
+};
+
+enum SecurityPolicyViolationEventDisposition {
+ "enforce", "report"
+};
+
+[Exposed=(Window,Worker)]
+interface SecurityPolicyViolationEvent : Event {
+ constructor(DOMString type, optional SecurityPolicyViolationEventInit eventInitDict = {});
+ readonly attribute USVString documentURI;
+ readonly attribute USVString referrer;
+ readonly attribute USVString blockedURI;
+ readonly attribute DOMString effectiveDirective;
+ readonly attribute DOMString violatedDirective; // historical alias of effectiveDirective
+ readonly attribute DOMString originalPolicy;
+ readonly attribute USVString sourceFile;
+ readonly attribute DOMString sample;
+ readonly attribute SecurityPolicyViolationEventDisposition disposition;
+ readonly attribute unsigned short statusCode;
+ readonly attribute unsigned long lineNumber;
+ readonly attribute unsigned long columnNumber;
+};
+
+dictionary SecurityPolicyViolationEventInit : EventInit {
+ required USVString documentURI;
+ USVString referrer = "";
+ USVString blockedURI = "";
+ required DOMString violatedDirective;
+ required DOMString effectiveDirective;
+ required DOMString originalPolicy;
+ USVString sourceFile = "";
+ DOMString sample = "";
+ required SecurityPolicyViolationEventDisposition disposition;
+ required unsigned short statusCode;
+ unsigned long lineNumber = 0;
+ unsigned long columnNumber = 0;
+};
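Review bot: The `SecurityPolicyViolationEvent` constructor declares `optional SecurityPolicyViolationEventInit eventInitDict = {}`, yet the dictionary at the end of this hunk marks six members `required` (`documentURI`, `violatedDirective`, `effectiveDirective`, `originalPolicy`, `disposition`, `statusCode`). The emitted signature `new(type: string, eventInitDict?: SecurityPolicyViolationEventInit)` therefore type-checks a call that omits the init object, although converting the default `{}` would presumably throw a TypeError for the missing required members. If the IDL is meant to mirror the spec text verbatim, I would record the mismatch next to the constructor, e.g. `// eventInitDict is optional per spec, but the dictionary has required members; omitting it is expected to throw`, and consider making the parameter non-optional in the generated types. A one-line comment on the enum, such as `// "enforce": the policy blocked the resource; "report": report-only policy, nothing was blocked`, would also help anyone triaging violation events, and it is worth stating in the same place that `sample`, `blockedURI`, `sourceFile` and `referrer` carry page-influenced strings that handlers should treat as untrusted when logging or forwarding them.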
diff --git a/inputfiles/idlSources.json b/inputfiles/idlSources.json
index cbf9d88f8..b6275ea76 100644
--- a/inputfiles/idlSources.json
+++ b/inputfiles/idlSources.json
@@ -176,6 +176,10 @@
 "url": "https://www.w3.org/TR/CSS22/visudet.html",
 "title": "CSS2 Visual formatting details"
 },
+ {
+ "url": "https://www.w3.org/TR/CSP3/",
+ "title": "Content Security Policy"
+ },
 {
 "url": "https://w3c.github.io/deviceorientation/",
 "title": "DeviceOrientation Event"