SecurityPolicyViolationEvent: sample property
Baseline Widely available
This feature is well established and works across many devices and browser versions. It’s been available across browsers since August 2016.
Note: This feature is available in Web Workers.
The sample
read-only property of the SecurityPolicyViolationEvent
interface is a string representing a sample of the resource that caused the Content Security Policy (CSP) violation.
This is only script-src*
and style-src*
violations, when the corresponding Content-Security-Policy
directive contains the 'report-sample'
keyword.
In addition, this will only be populated if the resource is an inline script, event handler, or style — external resources causing a violation will not generate a sample.
Note: Violation reports should be considered attacker-controlled data. The content of this field should be sanitized before storing or rendering.
Value
A string containing a sample of the resource that caused the violation, usually the first 40 characters, or the empty string.
Examples
document.addEventListener("securitypolicyviolation", (e) => {
console.log(e.sample);
});
Specifications
Specification |
---|
Content Security Policy Level 3 # dom-securitypolicyviolationevent-sample |
Browser compatibility
BCD tables only load in the browser