Correct event_target for CSP violations (#36887)

All logic is implemented in `report_csp_violations` to avoid pulling in various element-logic into SecurityManager. Update the `icon-blocked.sub.html` WPT test to ensure that the document is the correct target (verified in Firefox and Chrome). Fixes #36806 Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-07-22 23:03:42 +01:00 · 2025-05-08 12:46:31 +02:00 · 2025-05-08 12:46:31 +02:00 · b6b80d4f6f
commit b6b80d4f6f
parent f3f4cc5500
56 changed files with 167 additions and 193 deletions
--- a/components/script/security_manager.rs
+++ b/components/script/security_manager.rs
@ -14,8 +14,7 @@ use crate::dom::bindings::codegen::Bindings::SecurityPolicyViolationEventBinding
 };
 use crate::dom::bindings::inheritance::Castable;
 use crate::dom::bindings::refcounted::Trusted;
-use crate::dom::bindings::reflector::DomGlobal;
-use crate::dom::event::{Event, EventBubbles, EventCancelable};
+use crate::dom::event::{Event, EventBubbles, EventCancelable, EventComposed};
 use crate::dom::eventtarget::EventTarget;
 use crate::dom::securitypolicyviolationevent::SecurityPolicyViolationEvent;
 use crate::dom::types::GlobalScope;
@ -23,6 +22,7 @@ use crate::script_runtime::CanGc;
 use crate::task::TaskOnce;

 pub(crate) struct CSPViolationReportTask {
+    global: Trusted<GlobalScope>,
    event_target: Trusted<EventTarget>,
    violation_report: SecurityPolicyViolationReport,
 }
@ -159,28 +159,31 @@ impl CSPViolationReportBuilder {

 impl CSPViolationReportTask {
    pub fn new(
-        global: &GlobalScope,
-        report: SecurityPolicyViolationReport,
+        global: Trusted<GlobalScope>,
+        event_target: Trusted<EventTarget>,
+        violation_report: SecurityPolicyViolationReport,
    ) -> CSPViolationReportTask {
        CSPViolationReportTask {
-            violation_report: report,
-            event_target: Trusted::new(global.upcast::<EventTarget>()),
+            global,
+            event_target,
+            violation_report,
        }
    }

    fn fire_violation_event(self, can_gc: CanGc) {
-        let target = self.event_target.root();
-        let global = &target.global();
        let event = SecurityPolicyViolationEvent::new(
-            global,
+            &self.global.root(),
            Atom::from("securitypolicyviolation"),
            EventBubbles::Bubbles,
            EventCancelable::Cancelable,
+            EventComposed::Composed,
            &self.violation_report.convert(),
            can_gc,
        );

-        event.upcast::<Event>().fire(&target, can_gc);
+        event
+            .upcast::<Event>()
+            .fire(&self.event_target.root(), can_gc);
    }
 }