Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Default policy should return null (or undefined) to indicate its input value was rejected. These values will cause dispatching a CSP violation. In enforcing mode, this will cause the assignment to fail with a TypeError, however in reporting mode this will cause the *input* value to the policy be used (i.e. the assignment will succeed, with the original value passed to the policy). Throwing errors, or modifying values in the default policy is respected despite of the enforcing|report-only mode. Errors are *propagated* to the JS code i.e. if the default policy throws, the string at sink assignment throws the same error.
- Loading branch information