SecurityPolicyViolationEvent

The SecurityPolicyViolationEvent interface inherits from Event, and represents the event object of an event sent on a document or worker when its content security policy is violated.

Event SecurityPolicyViolationEvent

Constructor

SecurityPolicyViolationEvent()

Creates a new SecurityPolicyViolationEvent object instance.

Properties

SecurityPolicyViolationEvent.blockedURIRead only

A string representing the URI of the resource that was blocked because it violates a policy.

SecurityPolicyViolationEvent.columnNumberRead only

The column number in the document or worker at which the violation occurred.

SecurityPolicyViolationEvent.dispositionRead only

Indicates how the violated policy is configured to be treated by the user agent. This will be "enforce" or "report".

SecurityPolicyViolationEvent.documentURIRead only

A string representing the URI of the document or worker in which the violation was found.

SecurityPolicyViolationEvent.effectiveDirectiveRead only

A string representing the directive whose enforcement uncovered the violation.

SecurityPolicyViolationEvent.lineNumberRead only

The line number in the document or worker at which the violation occurred.

SecurityPolicyViolationEvent.originalPolicyRead only

A string containing the policy whose enforcement uncovered the violation.

SecurityPolicyViolationEvent.referrerRead only

A string representing the referrer of the resources whose policy was violated. This will be a URL or null.

SecurityPolicyViolationEvent.sampleRead only

A string representing a sample of the resource that caused the violation, usually the first 40 characters. This will only be populated if the resource is an inline script, event handler, or style — external resources causing a violation will not generate a sample.

SecurityPolicyViolationEvent.sourceFileRead only

A string representing the URI of the document or worker in which the violation was found.

SecurityPolicyViolationEvent.statusCodeRead only

A number representing the HTTP status code of the document or worker in which the violation occurred.

SecurityPolicyViolationEvent.violatedDirectiveRead only

A string representing the directive whose enforcement uncovered the violation.

Examples

document.addEventListener("securitypolicyviolation", (e) => {
  console.log(e.blockedURI);
  console.log(e.violatedDirective);
  console.log(e.originalPolicy);
});

Specifications

Specification
Content Security Policy Level 3
# report-violation

Browser compatibility

BCD tables only load in the browser

See also