Correct event_target for CSP violations (#36887)

All logic is implemented in `report_csp_violations` to avoid pulling in various element-logic into SecurityManager. Update the `icon-blocked.sub.html` WPT test to ensure that the document is the correct target (verified in Firefox and Chrome). Fixes #36806 Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-09-30 08:39:16 +01:00 · 2025-05-08 12:46:31 +02:00 · 2025-05-08 12:46:31 +02:00 · b6b80d4f6f
commit b6b80d4f6f
parent f3f4cc5500
56 changed files with 167 additions and 193 deletions
--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-eval.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-eval.html.ini
@ -1,4 +0,0 @@
-[blockeduri-eval.html]
-  expected: TIMEOUT
-  [Eval violations have a blockedURI of 'eval']
-    expected: TIMEOUT
--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-inline.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-inline.html.ini
@ -1,4 +1,3 @@
 [blockeduri-inline.html]
-  expected: TIMEOUT
  [Inline violations have a blockedURI of 'inline']
-    expected: TIMEOUT
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-ws-wss-scheme.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/blockeduri-ws-wss-scheme.html.ini
@ -1,13 +1,3 @@
 [blockeduri-ws-wss-scheme.html]
-  expected: TIMEOUT
-  [ws]
-    expected: FAIL
-
-  [wss]
-    expected: FAIL
-
-  [cross-origin]
-    expected: FAIL
-
  [redirect]
-    expected: TIMEOUT
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/linenumber.tentative.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/linenumber.tentative.html.ini
@ -1,4 +1,3 @@
 [linenumber.tentative.html]
-  expected: TIMEOUT
  [linenumber]
-    expected: NOTRUN
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini
@ -1,13 +1,7 @@
 [script-sample-no-opt-in.html]
  expected: TIMEOUT
-  [Inline script should not have a sample.]
+  [JavaScript URLs in iframes should not have a sample.]
    expected: TIMEOUT

  [Inline event handlers should not have a sample.]
    expected: TIMEOUT
-
-  [JavaScript URLs in iframes should not have a sample.]
-    expected: TIMEOUT
-
-  [eval()-alikes should not have a sample.]
-    expected: TIMEOUT
--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini
@ -1,19 +1,7 @@
 [script-sample.html]
  expected: TIMEOUT
-  [Inline script should have a sample.]
+  [JavaScript URLs in iframes should have a sample.]
    expected: TIMEOUT

  [Inline event handlers should have a sample.]
    expected: TIMEOUT
-
-  [JavaScript URLs in iframes should have a sample.]
-    expected: TIMEOUT
-
-  [eval() should have a sample.]
-    expected: TIMEOUT
-
-  [setInterval() should have a sample.]
-    expected: TIMEOUT
-
-  [setTimeout() should have a sample.]
-    expected: TIMEOUT
--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file-blob-scheme.html.ini
@ -1,4 +1,3 @@
 [source-file-blob-scheme.html]
-  expected: TIMEOUT
  [Violations from data:-URL scripts have a sourceFile of 'blob']
-    expected: TIMEOUT
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file-data-scheme.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/source-file-data-scheme.html.ini
@ -1,4 +1,3 @@
 [source-file-data-scheme.html]
-  expected: TIMEOUT
  [Violations from data:-URL scripts have a sourceFile of 'data']
-    expected: TIMEOUT
+    expected: FAIL
--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample-no-opt-in.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample-no-opt-in.html.ini
@ -1,7 +1,4 @@
 [style-sample-no-opt-in.html]
  expected: TIMEOUT
-  [Inline style blocks should not have a sample.]
-    expected: TIMEOUT
-
  [Inline style attributes should not have a sample.]
    expected: TIMEOUT
--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/style-sample.html.ini
@ -1,7 +1,4 @@
 [style-sample.html]
  expected: TIMEOUT
-  [Inline style blocks should have a sample.]
-    expected: TIMEOUT
-
  [Inline style attributes should have a sample.]
    expected: TIMEOUT
--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/targeting.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/targeting.html.ini
@ -4,13 +4,10 @@
    expected: NOTRUN

  [Inline violations target the right element.]
-    expected: TIMEOUT
+    expected: FAIL

  [Correct targeting inside shadow tree (inline handler).]
    expected: TIMEOUT

-  [Correct targeting inside shadow tree (style).]
-    expected: TIMEOUT
-
  [Elements created in this document, but pushed into a same-origin frame trigger on that frame's document, not on this frame's document.]
    expected: TIMEOUT