Check CSP for inline event handlers (#36510)

This also ensures that document now reports all violations and we set the correct directive. With these changes, all `script-src-attr-elem` WPT tests pass. Part of #36437 Requires servo/rust-content-security-policy#3 to land first Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-08-19 04:15:33 +01:00 · 2025-04-17 23:11:25 +02:00 · 2025-04-17 23:11:25 +02:00 · 2a81987590
commit 2a81987590
parent 70b3e24816
64 changed files with 58 additions and 569 deletions
--- a/tests/wpt/meta/content-security-policy/generic/304-response-should-update-csp.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/generic/304-response-should-update-csp.sub.html.ini
@ -1,7 +1,6 @@
 [304-response-should-update-csp.sub.html]
-  expected: TIMEOUT
  [Test that the first frame does not use nonce def]
-    expected: NOTRUN
+    expected: FAIL

  [Test that the second frame does not use nonce abc]
-    expected: NOTRUN
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/generic/directive-name-case-insensitive.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/generic/directive-name-case-insensitive.sub.html.ini
@ -1,3 +0,0 @@
-[directive-name-case-insensitive.sub.html]
-  [Test that the www2 image throws a violation event]
-    expected: FAIL