@@ -1056,87 +1056,7 @@ <h5>Firing events using the <code>SecurityPolicyViolationEvent</code> interface<
10561056 </ section >
10571057
10581058 </ section >
1059-
1060- < section >
1061- < h4 > Document</ h4 >
1062-
1063- < dl title ="partial interface Document " class ="idl ">
1064- < dt > readonly attribute SecurityPolicy securityPolicy</ dt >
1065- < dd > The security policy for this document.</ dd >
1066- < dt > attribute EventHandler onsecuritypolicyviolation</ dt >
1067- < dd > Event handler for < code > securitypolicyviolation</ code > events.</ dd >
1068- </ dl >
1069- </ section >
1070-
1071- < section >
1072- < h4 > SecurityPolicy</ h4 >
1073-
1074- < p > Let the < dfn > active CSP policies</ dfn > be the set of CSP policies
1075- the user agent is currently enforcing for the associated
1076- document.</ p >
1077-
1078- < dl title ="interface SecurityPolicy " class ="idl ">
1079- < dt > readonly attribute bool allowsEval</ dt >
1080- < dd > A boolean representing the logical < code > and</ code > of whether
1081- the source expression < code > 'unsafe-eval'</ code > is present in the
1082- < a href ="#dfn-allowed-script-sources "> allowed script sources</ a >
1083- of each of the < a href ="#dfn-active-csp-policies "> active CSP
1084- policies</ a > .</ dd >
1085-
1086- < dt > readonly attribute bool allowsInlineScript</ dt >
1087- < dd > A boolean representing the logical < code > and</ code > of whether
1088- the source expression < code > 'unsafe-inline'</ code > is present in the
1089- < a href ="#dfn-allowed-script-sources "> allowed script sources</ a >
1090- of each of the < a href ="#dfn-active-csp-policies "> active CSP
1091- policies</ a > .</ dd >
1092-
1093- < dt > readonly attribute bool allowsInlineStyle</ dt >
1094- < dd > A boolean representing the logical < code > and</ code > of whether
1095- the source expression < code > 'unsafe-inline'</ code > is present in the
1096- < a href ="#dfn-allowed-style-sources "> allowed style sources</ a >
1097- of each of the < a href ="#dfn-active-csp-policies "> active CSP
1098- policies</ a > .</ dd >
1099-
1100- < dt > readonly attribute bool isActive</ dt >
1101- < dd > A boolean which is < code > true</ code > if the set of
1102- < a href ="#dfn-active-csp-policies "> active CSP policies</ a > is
1103- non-empty, and < code > false</ code > otherwise.</ dd >
1104- </ dl >
1105- </ section >
1106- < section class ="informative ">
1107- < h4 > Usage</ h4 >
1108- < p > The script interface described here serves as a feature detection
1109- API that developers can use in order to make intelligent decisions
1110- about code that executes on a page based on the page's active
1111- policy. This is especially important for developers of libraries or
1112- frameworks which are meant to be used on a variety of sites in
1113- unknown contexts.</ p >
1114- < p > A few use-cases follow for illustration:</ p >
1115- < ul >
1116- < li >
1117- < p > < strong > Does the user agent support CSP?</ strong > </ p >
1118- < pre > var isCSPSupported = "securityPolicy" in document;</ pre >
1119- </ li >
1120- < li >
1121- < p > < strong > Is a policy active on the current page?</ strong > If
1122- not, perhaps one should be injected via the
1123- < a href ="#html-meta-element--experimental "> (experimental)
1124- < code > meta</ code > element</ a > .</ p >
1125- < pre > var isCSPActive = document.securityPolicy.isActive;</ pre >
1126- </ li >
1127- < li >
1128- < p > < strong > Can I use < code > new Function();</ code > or
1129- < code > eval()</ code > ?</ strong > Some libraries use these dangerous
1130- methods for performance optimizations. If they are unavailable,
1131- the library could gracefully fall back to a less performant (but
1132- safer) mechanism.</ p >
1133- < pre > var isEvalAvailable = document.securityPolicy.allowsEval;</ pre >
1134- </ li >
1135- </ ul >
1136- </ section >
1137- </ section >
11381059 </ section >
1139-
11401060 < section >
11411061 < h2 id ="sec-directives "> Directives</ h2 >
11421062
0 commit comments