SecurityPolicyViolationEvent: sample property
Baseline Widely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since September 2021.
Note: This feature is available in Web Workers.
The sample read-only property of the SecurityPolicyViolationEvent interface is a string representing a sample of the resource that caused the Content Security Policy (CSP) violation.
This is only script-src* and style-src* violations, when the corresponding Content-Security-Policy directive contains the 'report-sample' keyword.
In addition, this will only be populated if the resource is an inline script, event handler, or style — external resources causing a violation will not generate a sample.
Note: Violation reports should be considered attacker-controlled data. The content of this field should be sanitized before storing or rendering.
Value
A string containing a sample of the resource that caused the violation, usually the first 40 characters, or the empty string.
Examples
document.addEventListener("securitypolicyviolation", (e) => {
console.log(e.sample);
});
Specifications
| Specification |
|---|
| Content Security Policy Level 3 # dom-securitypolicyviolationevent-sample |