From b6b80d4f6f514c08f36c85f5d8b372048078b94d Mon Sep 17 00:00:00 2001
From: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Date: Thu, 8 May 2025 12:46:31 +0200
Subject: Correct event_target for CSP violations (#36887)

All logic is implemented in `report_csp_violations` to avoid
pulling in various element-logic into SecurityManager.

Update the `icon-blocked.sub.html` WPT test to ensure that
the document is the correct target (verified in Firefox and Chrome).

Fixes #36806

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
---
 components/script/script_thread.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'components/script/script_thread.rs')

diff --git a/components/script/script_thread.rs b/components/script/script_thread.rs
index 54cf89a213f..d6ab18be49b 100644
--- a/components/script/script_thread.rs
+++ b/components/script/script_thread.rs
@@ -3606,7 +3606,8 @@ impl ScriptThread {
 
     fn handle_csp_violations(&self, id: PipelineId, _: RequestId, violations: Vec<csp::Violation>) {
         if let Some(global) = self.documents.borrow().find_global(id) {
-            global.report_csp_violations(violations);
+            // TODO(https://github.com/w3c/webappsec-csp/issues/687): Update after spec is resolved
+            global.report_csp_violations(violations, None);
         }
     }
 
-- 
cgit v1.2.3