Element: securitypolicyviolation event
Baseline Widely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since October 2018.
Thesecuritypolicyviolation event is fired when aContent Security Policy is violated.
The event is fired on the element when there is a violation of the CSP policy.
This eventbubbles to theWindow object, and iscomposed.
Note:You should generally add the handler for this event to a top level object (i.e.,Window orDocument).While HTML elements can technically be the target of thesecuritypolicyviolation event, in reality this event does not fire on them—for example, a blocked<img> source directly triggers this event ondocument as the target, instead of bubbling from the<img> element.
Syntax
Use the event name in methods likeaddEventListener(), or set an event handler property.
addEventListener("securitypolicyviolation", (event) => { })onsecuritypolicyviolation = (event) => { }Event type
ASecurityPolicyViolationEvent. Inherits fromEvent.
Examples
Listening for securitypolicyviolation on Window
The code below shows how you might add an event handler function using theonsecuritypolicyviolation global event handler property oraddEventListener() on the top levelWindow (you could use exactly the same approach onDocument).
window.onsecuritypolicyviolation = (e) => { // Handle SecurityPolicyViolationEvent e here};window.addEventListener("securitypolicyviolation", (e) => { // Handle SecurityPolicyViolationEvent e here});Specifications
| Specification |
|---|
| Content Security Policy Level 3 # eventdef-globaleventhandlers-securitypolicyviolation |
| HTML # handler-onsecuritypolicyviolation |
Browser compatibility
See also
- The
securitypolicyviolationevent of theDocumentinterface - The
securitypolicyviolationevent of theWorkerGlobalScopeinterface - HTTP > Content Security Policy