Remove required attributes from SecurityPolicyViolationEventInit

The dictionary SecurityPolicyViolationEventInit is optional in the constructor of SecurityPolicyViolationEvent. This CL removes the required attributes from the properties of this dictionary and adds default values. The change in the spec: w3c/webappsec-csp#645 Bug: 325291983 Change-Id: I61e5527e7e8ccc2cd35e5022397ff42bf83ccd9e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5296364 Reviewed-by: Antonio Sartori <antoniosartori@chromium.org> Reviewed-by: Jonathan Hao <phao@chromium.org> Commit-Queue: Saeid Eid <saeideid@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Cr-Commit-Position: refs/heads/main@{#1263930}
chromium · Feb 22, 2024 · 1403b19 · 1403b19
1 parent fe74ed7
commit 1403b19
Show file tree

Hide file tree

Showing 4 changed files with 132 additions and 146 deletions.
diff --git a/third_party/blink/renderer/core/events/security_policy_violation_event_init.idl b/third_party/blink/renderer/core/events/security_policy_violation_event_init.idl
@@ -5,23 +5,23 @@
 // https://w3c.github.io/webappsec-csp/#idl-index
 
 dictionary SecurityPolicyViolationEventInit : EventInit {
-              // TODO(foolip): The spec says "USVString documentURL".
-    required  DOMString documentURI;
-              // TODO(foolip): The spec says USVString.
-              DOMString referrer = "";
-              // TODO(foolip): The spec says "USVString blockedURL".
-              DOMString blockedURI = "";
-    required  DOMString effectiveDirective;
-    required  DOMString originalPolicy;
-              // TODO(foolip): The spec says USVString.
-              DOMString sourceFile = "";
-              DOMString sample = "";
-    required  SecurityPolicyViolationEventDisposition disposition;
-    required  unsigned short statusCode;
-              // TODO(foolip): The spec says "unsigned long lineno"
-              long      lineNumber = 0;
-              // TODO(foolip): The spec says "unsigned long colno"
-              long      columnNumber = 0;
+    // TODO(foolip): The spec says "USVString documentURL".
+    DOMString documentURI = "";
+    // TODO(foolip): The spec says USVString.
+    DOMString referrer = "";
+    // TODO(foolip): The spec says "USVString blockedURL".
+    DOMString blockedURI = "";
+    DOMString effectiveDirective = "";
+    DOMString originalPolicy = "";
+    // TODO(foolip): The spec says USVString.
+    DOMString sourceFile = "";
+    DOMString sample = "";
+    SecurityPolicyViolationEventDisposition disposition = "enforce";
+    unsigned short statusCode = 0;
+    // TODO(foolip): The spec says "unsigned long lineno"
+    long lineNumber = 0;
+    // TODO(foolip): The spec says "unsigned long colno"
+    long columnNumber = 0;
 
-    required  DOMString violatedDirective;
+    DOMString violatedDirective = "";
 };
diff --git a/...rnal/wpt/content-security-policy/securitypolicyviolation/constructor-required-fields.html b/...rnal/wpt/content-security-policy/securitypolicyviolation/constructor-required-fields.html
@@ -25,118 +25,111 @@
       }), undefined);
     }, "SecurityPolicyViolationEvent constructor works with an init dict");
 
-    // missing required members
+    // missing optional members
     test(function() {
-      assert_throws_js(TypeError,
-        function() { new SecurityPolicyViolationEvent("securitypolicyviolation", {
-          // documentURI: "http://example.com",
-          referrer: "http://example.com",
-          blockedURI: "http://example.com",
-          violatedDirective: "default-src",
-          effectiveDirective: "default-src",
-          originalPolicy: "default-src 'none'",
-          sourceFile: "example.js",
-          sample: "<script>alert('1');</scr" + "ipt>",
-          disposition: "enforce",
-          statusCode: 200,
-          lineNumber: 1,
-          columnNumber: 1,
-      })});
-    }, "SecurityPolicyViolationEvent constructor requires documentURI");
+      assert_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
+        // documentURI: "http://example.com",
+        referrer: "http://example.com",
+        blockedURI: "http://example.com",
+        violatedDirective: "default-src",
+        effectiveDirective: "default-src",
+        originalPolicy: "default-src 'none'",
+        sourceFile: "example.js",
+        sample: "<script>alert('1');</scr" + "ipt>",
+        disposition: "enforce",
+        statusCode: 200,
+        lineNumber: 1,
+        columnNumber: 1,
+      }).documentURI, "");
+    }, "SecurityPolicyViolationEvent constructor does not require documentURI");
 
     test(function() {
-      assert_throws_js(TypeError,
-        function() { new SecurityPolicyViolationEvent("securitypolicyviolation", {
-          documentURI: "http://example.com",
-          referrer: "http://example.com",
-          blockedURI: "http://example.com",
-          // violatedDirective: "default-src",
-          effectiveDirective: "default-src",
-          originalPolicy: "default-src 'none'",
-          sourceFile: "example.js",
-          sample: "<script>alert('1');</scr" + "ipt>",
-          disposition: "enforce",
-          statusCode: 200,
-          lineNumber: 1,
-          columnNumber: 1,
-      })});
-    }, "SecurityPolicyViolationEvent constructor requires violatedDirective");
+      assert_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
+        documentURI: "http://example.com",
+        referrer: "http://example.com",
+        blockedURI: "http://example.com",
+        // violatedDirective: "default-src",
+        effectiveDirective: "default-src",
+        originalPolicy: "default-src 'none'",
+        sourceFile: "example.js",
+        sample: "<script>alert('1');</scr" + "ipt>",
+        disposition: "enforce",
+        statusCode: 200,
+        lineNumber: 1,
+        columnNumber: 1,
+      }).violatedDirective, "");
+    }, "SecurityPolicyViolationEvent constructor does not require violatedDirective");
 
     test(function() {
-      assert_throws_js(TypeError,
-        function() { new SecurityPolicyViolationEvent("securitypolicyviolation", {
-          documentURI: "http://example.com",
-          referrer: "http://example.com",
-          blockedURI: "http://example.com",
-          violatedDirective: "default-src",
-          // effectiveDirective: "default-src",
-          originalPolicy: "default-src 'none'",
-          sourceFile: "example.js",
-          sample: "<script>alert('1');</scr" + "ipt>",
-          disposition: "enforce",
-          statusCode: 200,
-          lineNumber: 1,
-          columnNumber: 1,
-      })});
-    }, "SecurityPolicyViolationEvent constructor requires effectiveDirective");
+      assert_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
+        documentURI: "http://example.com",
+        referrer: "http://example.com",
+        blockedURI: "http://example.com",
+        violatedDirective: "default-src",
+        // effectiveDirective: "default-src",
+        originalPolicy: "default-src 'none'",
+        sourceFile: "example.js",
+        sample: "<script>alert('1');</scr" + "ipt>",
+        disposition: "enforce",
+        statusCode: 200,
+        lineNumber: 1,
+        columnNumber: 1,
+      }).effectiveDirective, "");
+    }, "SecurityPolicyViolationEvent constructor does not require effectiveDirective");
 
     test(function() {
-      assert_throws_js(TypeError,
-        function() { new SecurityPolicyViolationEvent("securitypolicyviolation", {
-          documentURI: "http://example.com",
-          referrer: "http://example.com",
-          blockedURI: "http://example.com",
-          violatedDirective: "default-src",
-          effectiveDirective: "default-src",
-          // originalPolicy: "default-src 'none'",
-          sourceFile: "example.js",
-          sample: "<script>alert('1');</scr" + "ipt>",
-          disposition: "enforce",
-          statusCode: 200,
-          lineNumber: 1,
-          columnNumber: 1,
-      })});
-    }, "SecurityPolicyViolationEvent constructor requires originalPolicy");
+      assert_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
+        documentURI: "http://example.com",
+        referrer: "http://example.com",
+        blockedURI: "http://example.com",
+        violatedDirective: "default-src",
+        effectiveDirective: "default-src",
+        // originalPolicy: "default-src 'none'",
+        sourceFile: "example.js",
+        sample: "<script>alert('1');</scr" + "ipt>",
+        disposition: "enforce",
+        statusCode: 200,
+        lineNumber: 1,
+        columnNumber: 1,
+      }).originalPolicy, "");
+    }, "SecurityPolicyViolationEvent constructor does not require originalPolicy");
 
     test(function() {
-      assert_throws_js(TypeError,
-        function() { new SecurityPolicyViolationEvent("securitypolicyviolation", {
-          documentURI: "http://example.com",
-          referrer: "http://example.com",
-          blockedURI: "http://example.com",
-          violatedDirective: "default-src",
-          effectiveDirective: "default-src",
-          originalPolicy: "default-src 'none'",
-          sourceFile: "example.js",
-          sample: "<script>alert('1');</scr" + "ipt>",
-          // disposition: "enforce",
-          statusCode: 200,
-          lineNumber: 1,
-          columnNumber: 1,
-      })});
-    }, "SecurityPolicyViolationEvent constructor requires disposition");
+      assert_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
+        documentURI: "http://example.com",
+        referrer: "http://example.com",
+        blockedURI: "http://example.com",
+        violatedDirective: "default-src",
+        effectiveDirective: "default-src",
+        originalPolicy: "default-src 'none'",
+        sourceFile: "example.js",
+        sample: "<script>alert('1');</scr" + "ipt>",
+        // disposition: "enforce",
+        statusCode: 200,
+        lineNumber: 1,
+        columnNumber: 1,
+      }).disposition, "enforce");
+    }, "SecurityPolicyViolationEvent constructor does not require disposition");
 
     test(function() {
-      assert_throws_js(TypeError,
-        function() { new SecurityPolicyViolationEvent("securitypolicyviolation", {
-          documentURI: "http://example.com",
-          referrer: "http://example.com",
-          blockedURI: "http://example.com",
-          violatedDirective: "default-src",
-          effectiveDirective: "default-src",
-          originalPolicy: "default-src 'none'",
-          sourceFile: "example.js",
-          sample: "<script>alert('1');</scr" + "ipt>",
-          disposition: "enforce",
-          // statusCode: 200,
-          lineNumber: 1,
-          columnNumber: 1,
-      })});
-    }, "SecurityPolicyViolationEvent constructor requires statusCode");
+      assert_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
+        documentURI: "http://example.com",
+        referrer: "http://example.com",
+        blockedURI: "http://example.com",
+        violatedDirective: "default-src",
+        effectiveDirective: "default-src",
+        originalPolicy: "default-src 'none'",
+        sourceFile: "example.js",
+        sample: "<script>alert('1');</scr" + "ipt>",
+        disposition: "enforce",
+        // statusCode: 200,
+        lineNumber: 1,
+        columnNumber: 1,
+      }).statusCode, 0);
+    }, "SecurityPolicyViolationEvent constructor does not require statusCode");
 
-    // missing optional members
     test(function() {
-      assert_not_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
+      assert_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
         documentURI: "http://example.com",
         // referrer: "http://example.com",
         blockedURI: "http://example.com",
@@ -149,11 +142,11 @@
         statusCode: 200,
         lineNumber: 1,
         columnNumber: 1,
-      }), undefined);
+      }).referrer, "");
     }, "SecurityPolicyViolationEvent constructor does not require referrer");
 
     test(function() {
-      assert_not_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
+      assert_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
         documentURI: "http://example.com",
         referrer: "http://example.com",
         // blockedURI: "http://example.com",
@@ -166,11 +159,11 @@
         statusCode: 200,
         lineNumber: 1,
         columnNumber: 1,
-      }), undefined);
+      }).blockedURI, "");
     }, "SecurityPolicyViolationEvent constructor does not require blockedURI");
 
     test(function() {
-      assert_not_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
+      assert_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
         documentURI: "http://example.com",
         referrer: "http://example.com",
         blockedURI: "http://example.com",
@@ -183,11 +176,11 @@
         statusCode: 200,
         lineNumber: 1,
         columnNumber: 1,
-      }), undefined);
+      }).sourceFile, "");
     }, "SecurityPolicyViolationEvent constructor does not require sourceFile");
 
     test(function() {
-      assert_not_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
+      assert_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
         documentURI: "http://example.com",
         referrer: "http://example.com",
         blockedURI: "http://example.com",
@@ -200,11 +193,11 @@
         statusCode: 200,
         lineNumber: 1,
         columnNumber: 1,
-      }), undefined);
+      }).sample, "");
     }, "SecurityPolicyViolationEvent constructor does not require sample");
 
     test(function() {
-      assert_not_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
+      assert_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
         documentURI: "http://example.com",
         referrer: "http://example.com",
         blockedURI: "http://example.com",
@@ -217,11 +210,11 @@
         statusCode: 200,
         // lineNumber: 1,
         columnNumber: 1,
-      }), undefined);
+      }).lineNumber, 0);
     }, "SecurityPolicyViolationEvent constructor does not require lineNumber");
 
     test(function() {
-      assert_not_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
+      assert_equals(new SecurityPolicyViolationEvent("securitypolicyviolation", {
         documentURI: "http://example.com",
         referrer: "http://example.com",
         blockedURI: "http://example.com",
@@ -234,6 +227,6 @@
         statusCode: 200,
         lineNumber: 1,
         // columnNumber: 1,
-      }), undefined);
+      }).columnNumber, 0);
     }, "SecurityPolicyViolationEvent constructor does not require columnNumber");
 </script>
diff --git a/...b_tests/fast/events/constructors/security-policy-violation-event-constructor-expected.txt b/...b_tests/fast/events/constructors/security-policy-violation-event-constructor-expected.txt
@@ -30,12 +30,12 @@ PASS new SecurityPolicyViolationEvent('eventType', add_required_members({ dispos
 PASS new SecurityPolicyViolationEvent('eventType', add_required_members({ lineNumber: 42 })).lineNumber is 42
 PASS new SecurityPolicyViolationEvent('eventType', add_required_members({ columnNumber: 42 })).columnNumber is 42
 PASS new SecurityPolicyViolationEvent('eventType', add_required_members({ statusCode: 42 })).statusCode is 42
-PASS new SecurityPolicyViolationEvent('eventType', add_required_members({}, "documentURI")) threw exception TypeError: Failed to construct 'SecurityPolicyViolationEvent': Failed to read the 'documentURI' property from 'SecurityPolicyViolationEventInit': Required member is undefined..
-PASS new SecurityPolicyViolationEvent('eventType', add_required_members({}, "violatedDirective")) threw exception TypeError: Failed to construct 'SecurityPolicyViolationEvent': Failed to read the 'violatedDirective' property from 'SecurityPolicyViolationEventInit': Required member is undefined..
-PASS new SecurityPolicyViolationEvent('eventType', add_required_members({}, "effectiveDirective")) threw exception TypeError: Failed to construct 'SecurityPolicyViolationEvent': Failed to read the 'effectiveDirective' property from 'SecurityPolicyViolationEventInit': Required member is undefined..
-PASS new SecurityPolicyViolationEvent('eventType', add_required_members({}, "originalPolicy")) threw exception TypeError: Failed to construct 'SecurityPolicyViolationEvent': Failed to read the 'originalPolicy' property from 'SecurityPolicyViolationEventInit': Required member is undefined..
-PASS new SecurityPolicyViolationEvent('eventType', add_required_members({}, "statusCode")) threw exception TypeError: Failed to construct 'SecurityPolicyViolationEvent': Failed to read the 'statusCode' property from 'SecurityPolicyViolationEventInit': Required member is undefined..
-PASS new SecurityPolicyViolationEvent('eventType', add_required_members({}, "disposition")) threw exception TypeError: Failed to construct 'SecurityPolicyViolationEvent': Failed to read the 'disposition' property from 'SecurityPolicyViolationEventInit': Required member is undefined..
+PASS new SecurityPolicyViolationEvent('eventType', add_required_members({}, "documentURI")) did not throw exception.
+PASS new SecurityPolicyViolationEvent('eventType', add_required_members({}, "violatedDirective")) did not throw exception.
+PASS new SecurityPolicyViolationEvent('eventType', add_required_members({}, "effectiveDirective")) did not throw exception.
+PASS new SecurityPolicyViolationEvent('eventType', add_required_members({}, "originalPolicy")) did not throw exception.
+PASS new SecurityPolicyViolationEvent('eventType', add_required_members({}, "statusCode")) did not throw exception.
+PASS new SecurityPolicyViolationEvent('eventType', add_required_members({}, "disposition")) did not throw exception.
 PASS successfullyParsed is true
 
 TEST COMPLETE

diff --git a/...blink/web_tests/fast/events/constructors/security-policy-violation-event-constructor.html b/...blink/web_tests/fast/events/constructors/security-policy-violation-event-constructor.html
@@ -26,23 +26,15 @@
 shouldBe("new SecurityPolicyViolationEvent('eventType').columnNumber", "0");
 shouldBe("new SecurityPolicyViolationEvent('eventType').statusCode", "0");
 
-/*
-required  DOMString documentURI;
-required  DOMString violatedDirective;
-required  DOMString effectiveDirective;
-required  DOMString originalPolicy;
-required  SecurityPolicyViolationEventDisposition disposition;
-required  unsigned short statusCode;
-*/
-// This function will add to the init dict any missing required members
+// This function will add to the init dict any missing core members
 function add_required_members(init_dict, deleted_member) {
   ["documentURI", "violatedDirective", "effectiveDirective", "originalPolicy"].forEach(function(member) {
     if (!(member in init_dict)) init_dict[member] = 'bar';
   })
   if (!("statusCode" in init_dict)) init_dict["statusCode"] = 200;
   if (!("disposition" in init_dict)) init_dict["disposition"] = 'enforce';
 
-  // for tests that test the absence of required members
+  // for tests that test the absence of core members
   if (deleted_member != undefined && deleted_member in init_dict) delete init_dict[deleted_member];
 
   return init_dict;
@@ -69,10 +61,11 @@
     shouldBe("new SecurityPolicyViolationEvent('eventType', add_required_members({ " + member + ": 42 }))." + member, "42");
 });
 
-// Missing required members throw
+// Missing core members should still work.
 ["documentURI", "violatedDirective", "effectiveDirective", "originalPolicy", "statusCode", "disposition"].forEach(function(member) {
-   shouldThrow("new SecurityPolicyViolationEvent('eventType', add_required_members({}, \"" + member + "\"))")
+   shouldNotThrow("new SecurityPolicyViolationEvent('eventType', add_required_members({}, \"" + member + "\"))")
 });
+
 </script>
 </body>
 </html>