Commit

Fix w3c#209.
Default policy should return null (or undefined) to indicate its input value was rejected.
These values will cause dispatching a CSP violation. In enforcing mode,
this will cause the assignment to fail with a TypeError, however in
reporting mode this will cause the *input* value to the policy to be used
(i.e. the assignment will succeed, with the original value passed to the
policy).

Throwing errors, or modifying values in the default policy is respected despite the
enforcing|report-only mode. Errors are *propagated* to the JS code i.e.
if the default policy throws, the string at sink assignment throws the same error.
koto committed Sep 6, 2019
1 parent e0b6e6e commit 0a5e1c6
Showing 2 changed files with 121 additions and 78 deletions.
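
The outcomes described in the commit message, modelled as an added example (not code from this commit or from the specification). `resolveSinkValue`, `outcome`, the mode strings and the result shape are hypothetical names, and the sample policies and input are constructed; no browser API is called.

```javascript
// Model of the behaviour in the commit message; not the browser API.
// resolveSinkValue, the mode strings and the result shape are hypothetical.
function resolveSinkValue(input, defaultPolicy, mode) {
  // No try/catch: an error thrown by the policy propagates to the
  // code doing the sink assignment in both modes.
  const output = defaultPolicy(input);

  if (output === null || output === undefined) {
    // Rejection: a violation is reported in both modes.
    const violations = [{ sample: input, mode }];
    if (mode === 'enforce') {
      const err = new TypeError('default policy rejected the value');
      err.violations = violations;
      throw err; // the assignment fails
    }
    // report-only: the assignment succeeds with the original input.
    return { assigned: input, violations };
  }
  // The policy returned a value: it is used as-is in both modes.
  return { assigned: String(output), violations: [] };
}

// Constructed sample policies.
const rejecting = () => null;
const rewriting = (s) => s.replace(/</g, '&lt;');
const throwing = () => { throw new RangeError('policy refused'); };

// Summarise one assignment: what reached the sink, reports, and any error.
function outcome(policy, mode, input = '<b>hi</b>') {
  try {
    const r = resolveSinkValue(input, policy, mode);
    return { assigned: r.assigned, reports: r.violations.length, error: null };
  } catch (e) {
    const reports = e.violations ? e.violations.length : 0;
    return { assigned: null, reports, error: e.name };
  }
}

for (const mode of ['enforce', 'report-only']) {
  for (const [name, p] of Object.entries({ rejecting, rewriting, throwing })) {
    console.log(mode, name, JSON.stringify(outcome(p, mode)));
  }
}
```

The case to watch when rolling out in report-only mode is the rejecting policy: the sink still receives the original string, so the report is the only signal that the policy said no.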