Fixes microsoft#1030 - Add CSP disposition field

Author: NotWoods

baselines/dom.generated.d.ts

@@ -1693,14 +1693,16 @@ interface ScrollToOptions extends ScrollOptions {
 interface SecurityPolicyViolationEventInit extends EventInit {
     blockedURI?: string;
     columnNumber?: number;
-    documentURI?: string;
-    effectiveDirective?: string;
+    disposition: SecurityPolicyViolationEventDisposition;
+    documentURI: string;
+    effectiveDirective: string;
     lineNumber?: number;
-    originalPolicy?: string;
+    originalPolicy: string;
     referrer?: string;
+    sample?: string;
     sourceFile?: string;
-    statusCode?: number;
-    violatedDirective?: string;
+    statusCode: number;
+    violatedDirective: string;
 }
 
 interface ShadowRootInit {
@@ -2620,6 +2622,25 @@ declare var CDATASection: {
     new(): CDATASection;
 };
 
+interface CSPViolationReportBody extends ReportBody {
+    readonly blockedURL: string | null;
+    readonly columnNumber: number | null;
+    readonly disposition: SecurityPolicyViolationEventDisposition;
+    readonly documentURL: string;
+    readonly effectiveDirective: string;
+    readonly lineNumber: number | null;
+    readonly originalPolicy: string;
+    readonly referrer: string | null;
+    readonly sample: string | null;
+    readonly sourceFile: string | null;
+    readonly statusCode: number;
+}
+
+declare var CSPViolationReportBody: {
+    prototype: CSPViolationReportBody;
+    new(): CSPViolationReportBody;
+};
+
 /** A single condition CSS at-rule, which consists of a condition and a statement block. It is a child of CSSGroupingRule. */
 interface CSSConditionRule extends CSSGroupingRule {
     conditionText: string;
@@ -14660,11 +14681,13 @@ declare var ScriptProcessorNode: {
 interface SecurityPolicyViolationEvent extends Event {
     readonly blockedURI: string;
     readonly columnNumber: number;
+    readonly disposition: SecurityPolicyViolationEventDisposition;
     readonly documentURI: string;
     readonly effectiveDirective: string;
     readonly lineNumber: number;
     readonly originalPolicy: string;
     readonly referrer: string;
+    readonly sample: string;
     readonly sourceFile: string;
     readonly statusCode: number;
     readonly violatedDirective: string;
@@ -19833,6 +19856,7 @@ type ScrollBehavior = "auto" | "smooth";
 type ScrollLogicalPosition = "center" | "end" | "nearest" | "start";
 type ScrollRestoration = "auto" | "manual";
 type ScrollSetting = "" | "up";
+type SecurityPolicyViolationEventDisposition = "enforce" | "report";
 type SelectionMode = "end" | "preserve" | "select" | "start";
 type ServiceWorkerState = "activated" | "activating" | "installed" | "installing" | "parsed" | "redundant";
 type ServiceWorkerUpdateViaCache = "all" | "imports" | "none";

baselines/webworker.generated.d.ts

@@ -501,6 +501,21 @@ interface RsaPssParams extends Algorithm {
     saltLength: number;
 }
 
+interface SecurityPolicyViolationEventInit extends EventInit {
+    blockedURI?: string;
+    columnNumber?: number;
+    disposition: SecurityPolicyViolationEventDisposition;
+    documentURI: string;
+    effectiveDirective: string;
+    lineNumber?: number;
+    originalPolicy: string;
+    referrer?: string;
+    sample?: string;
+    sourceFile?: string;
+    statusCode: number;
+    violatedDirective: string;
+}
+
 interface StorageEstimate {
     quota?: number;
     usage?: number;
@@ -2851,6 +2866,27 @@ declare var Response: {
     redirect(url: string, status?: number): Response;
 };
 
+/** Inherits from Event, and represents the event object of an event sent on a document or worker when its content security policy is violated. */
+interface SecurityPolicyViolationEvent extends Event {
+    readonly blockedURI: string;
+    readonly columnNumber: number;
+    readonly disposition: SecurityPolicyViolationEventDisposition;
+    readonly documentURI: string;
+    readonly effectiveDirective: string;
+    readonly lineNumber: number;
+    readonly originalPolicy: string;
+    readonly referrer: string;
+    readonly sample: string;
+    readonly sourceFile: string;
+    readonly statusCode: number;
+    readonly violatedDirective: string;
+}
+
+declare var SecurityPolicyViolationEvent: {
+    prototype: SecurityPolicyViolationEvent;
+    new(type: string, eventInitDict?: SecurityPolicyViolationEventInit): SecurityPolicyViolationEvent;
+};
+
 interface ServiceWorkerEventMap extends AbstractWorkerEventMap {
     "statechange": Event;
 }
@@ -5983,6 +6019,7 @@ type RequestMode = "cors" | "navigate" | "no-cors" | "same-origin";
 type RequestRedirect = "error" | "follow" | "manual";
 type ResizeQuality = "high" | "low" | "medium" | "pixelated";
 type ResponseType = "basic" | "cors" | "default" | "error" | "opaque" | "opaqueredirect";
+type SecurityPolicyViolationEventDisposition = "enforce" | "report";
 type ServiceWorkerState = "activated" | "activating" | "installed" | "installing" | "parsed" | "redundant";
 type ServiceWorkerUpdateViaCache = "all" | "imports" | "none";
 type VisibilityState = "hidden" | "visible";

inputfiles/idl/Content Security Policy.widl

@@ -0,0 +1,50 @@
+[Exposed=Window]
+interface CSPViolationReportBody : ReportBody {
+  readonly attribute USVString documentURL;
+  readonly attribute USVString? referrer;
+  readonly attribute USVString? blockedURL;
+  readonly attribute DOMString effectiveDirective;
+  readonly attribute DOMString originalPolicy;
+  readonly attribute USVString? sourceFile;
+  readonly attribute DOMString? sample;
+  readonly attribute SecurityPolicyViolationEventDisposition disposition;
+  readonly attribute unsigned short statusCode;
+  readonly attribute unsigned long? lineNumber;
+  readonly attribute unsigned long? columnNumber;
+};
+
+enum SecurityPolicyViolationEventDisposition {
+  "enforce", "report"
+};
+
+[Exposed=(Window,Worker)]
+interface SecurityPolicyViolationEvent : Event {
+    constructor(DOMString type, optional SecurityPolicyViolationEventInit eventInitDict = {});
+    readonly    attribute USVString      documentURI;
+    readonly    attribute USVString      referrer;
+    readonly    attribute USVString      blockedURI;
+    readonly    attribute DOMString      effectiveDirective;
+    readonly    attribute DOMString      violatedDirective; // historical alias of effectiveDirective
+    readonly    attribute DOMString      originalPolicy;
+    readonly    attribute USVString      sourceFile;
+    readonly    attribute DOMString      sample;
+    readonly    attribute SecurityPolicyViolationEventDisposition      disposition;
+    readonly    attribute unsigned short statusCode;
+    readonly    attribute unsigned long  lineNumber;
+    readonly    attribute unsigned long  columnNumber;
+};
+
+dictionary SecurityPolicyViolationEventInit : EventInit {
+    required USVString      documentURI;
+             USVString      referrer = "";
+             USVString      blockedURI = "";
+    required DOMString      violatedDirective;
+    required DOMString      effectiveDirective;
+    required DOMString      originalPolicy;
+             USVString      sourceFile = "";
+             DOMString      sample = "";
+    required SecurityPolicyViolationEventDisposition disposition;
+    required unsigned short statusCode;
+             unsigned long  lineNumber = 0;
+             unsigned long  columnNumber = 0;
+};

inputfiles/idlSources.json

@@ -176,6 +176,10 @@
         "url": "https://www.w3.org/TR/CSS22/visudet.html",
         "title": "CSS2 Visual formatting details"
     },
+    {
+        "url": "https://www.w3.org/TR/CSP3/",
+        "title": "Content Security Policy"
+    },
     {
         "url": "https://w3c.github.io/deviceorientation/",
         "title": "DeviceOrientation Event"