



























@@ -573,7 +573,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
573573<h3 id="framework-directives">Directives</h3>
574574575575 Each <a for="/">policy</a> contains an <a>ordered set</a> of <dfn export>directives</dfn> (its
576-<a for="policy">directive set</a>), each of which controls a specific behavior. The directives
576+<a for="content security policy object">directive set</a>), each of which controls a specific behavior. The directives
577577 defined in this document are described in detail in [[#csp-directives]].
578578579579 Each <a>directive</a> is a <dfn for="directive" export>name</dfn> /
@@ -770,7 +770,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
770770771771 Each <a>violation</a> has a
772772<dfn for="violation" id="violation-disposition" export>disposition</dfn>, which is the
773-<a for="policy">disposition</a> of the <a for="/">policy</a> that has been violated.
773+<a for="content security policy object">disposition</a> of the <a for="/">policy</a> that has been violated.
774774775775 Each <a>violation</a> has an
776776<dfn for="violation" id="violation-effective-directive" export>effective directive</dfn>
@@ -1031,7 +1031,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
1031103110321032 2. <a for=list>For each</a> |policy| of |CSP list|'s [=CSP list/policies=]:
103310331034- 1. If |policy|'s <a for="policy">disposition</a> is "`enforce`",
1034+ 1. If |policy|'s <a for="content security policy object">disposition</a> is "`enforce`",
10351035 then skip to the next |policy|.
1036103610371037 2. Let |violates| be the result of executing
@@ -1056,7 +1056,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
1056105610571057 3. <a for=list>For each</a> |policy| of |CSP list|'s [=CSP list/policies=]:
105810581059- 1. If |policy|'s <a for="policy">disposition</a> is "`report`",
1059+ 1. If |policy|'s <a for="content security policy object">disposition</a> is "`report`",
10601060 then skip to the next |policy|.
1061106110621062 2. Let |violates| be the result of executing
@@ -1096,7 +1096,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
10961096 1. Execute [[#report-violation]] on the result of executing
10971097[[#create-violation-for-request]] on |request|, and |policy|.
109810981099- 2. If |policy|'s <a for="policy">disposition</a> is "`enforce`",
1099+ 2. If |policy|'s <a for="content security policy object">disposition</a> is "`enforce`",
11001100 then set |result| to "`Blocked`".
1101110111021102 Note: This portion of the check verifies that the page can load the
@@ -1249,7 +1249,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
12491249 3. <a for=list>For each</a> |policy| of |element|'s {{Document}}'s <a for="/">global object</a>'s
12501250<a for="global object">CSP list</a>'s [=CSP list/policies=]:
125112511252- 1. <a for=set>For each</a> |directive| of |policy|'s <a for="policy">directive set</a>:
1252+ 1. <a for=set>For each</a> |directive| of |policy|'s <a for="content security policy object">directive set</a>:
1253125312541254 1. If |directive|'s <a for="directive">inline check</a> returns
12551255 "`Allowed`" when executed upon |element|, |type|, |policy| and |source|,
@@ -1274,7 +1274,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
1274127412751275 7. Execute [[#report-violation]] on |violation|.
127612761277- 8. If |policy|'s <a for="policy">disposition</a> is "`enforce`", then
1277+ 8. If |policy|'s <a for="content security policy object">disposition</a> is "`enforce`", then
12781278 set |result| to "`Blocked`".
1279127912801280 4. Return |result|.
@@ -1315,7 +1315,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
1315131513161316 4. Execute [[#report-violation]] on |violation|.
131713171318- 5. If |policy|'s <a for="policy">disposition</a> is "`enforce`", then
1318+ 5. If |policy|'s <a for="content security policy object">disposition</a> is "`enforce`", then
13191319 set |result| to "`Blocked`".
1320132013211321 3. If |result| is "`Allowed`", and if |navigation request|'s
@@ -1344,7 +1344,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
1344134413451345 5. Execute [[#report-violation]] on |violation|.
134613461347- 6. If |policy|'s <a for="policy">disposition</a> is "`enforce`", then
1347+ 6. If |policy|'s <a for="content security policy object">disposition</a> is "`enforce`", then
13481348 set |result| to "`Blocked`".
1349134913501350 4. Return |result|.
@@ -1389,7 +1389,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
1389138913901390 4. Execute [[#report-violation]] on |violation|.
139113911392- 5. If |policy|'s <a for="policy">disposition</a> is "`enforce`", then
1392+ 5. If |policy|'s <a for="content security policy object">disposition</a> is "`enforce`", then
13931393 set |result| to "`Blocked`".
1394139413951395 3. <a for=list>For each</a> |policy| of |navigation request|'s <a for="request">policy container</a>'s
@@ -1416,7 +1416,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
1416141614171417 4. Execute [[#report-violation]] on |violation|.
141814181419- 5. If |policy|'s <a for="policy">disposition</a> is "`enforce`", then
1419+ 5. If |policy|'s <a for="content security policy object">disposition</a> is "`enforce`", then
14201420 set |result| to "`Blocked`".
1421142114221422 4. Return |result|.
@@ -1474,7 +1474,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
1474147414751475 4. Execute [[#report-violation]] on |violation|.
147614761477- 5. If |policy|'s <a for="policy">disposition</a> is "`enforce`", then
1477+ 5. If |policy|'s <a for="content security policy object">disposition</a> is "`enforce`", then
14781478 set |result| to "`Blocked`".
1479147914801480 3. Return |result|.
@@ -1789,7 +1789,7 @@ Content-Type: application/reports+json
17891789 :: The <a lt="serialized CSP">serialization</a> of |violation|'s
17901790<a for="violation">policy</a>
17911791 : "`disposition`"
1792- :: The <a for="policy">disposition</a> of |violation|'s
1792+ :: The <a for="content security policy object">disposition</a> of |violation|'s
17931793<a for="violation">policy</a>
17941794 : "`status-code`"
17951795 :: |violation|'s <a for="violation">status</a>
@@ -1920,12 +1920,12 @@ Content-Type: application/reports+json
19201920{{SecurityPolicyViolationEvent/violatedDirective}} are the same value.
19211921 This is intentional to maintain backwards compatibility.
192219221923- 4. If |violation|'s <a for="violation">policy</a>'s <a for="policy">directive
1923+ 4. If |violation|'s <a for="violation">policy</a>'s <a for="content security policy object">directive
19241924 set</a> contains a <a>directive</a> named "<a>`report-uri`</a>"
19251925 |directive|:
1926192619271927 1. If |violation|'s <a for="violation">policy</a>'s
1928-<a for="policy">directive set</a> contains a <a>directive</a> named
1928+<a for="content security policy object">directive set</a> contains a <a>directive</a> named
19291929 "<a>`report-to`</a>", skip the remaining substeps.
1930193019311931 2. <a for=set>For each</a> |token| of |directive|'s
@@ -1980,7 +1980,7 @@ Content-Type: application/reports+json
19801980 is, the latter overrides the former, allowing for backwards compatibility
19811981 with browsers that don't support the new mechanism.
198219821983- 5. If |violation|'s <a for="violation">policy</a>'s <a for="policy">directive
1983+ 5. If |violation|'s <a for="violation">policy</a>'s <a for="content security policy object">directive
19841984 set</a> contains a <a>directive</a> named "<a>`report-to`</a>"
19851985 |directive|:
19861986@@ -3531,7 +3531,7 @@ Content-Type: application/reports+json
35313531 1. Let |source list| be null.
3532353235333533 2. If a <a>directive</a> whose <a for="directive">name</a> is
3534- "`base-uri`" is present in |policy|'s <a for="policy">directive
3534+ "`base-uri`" is present in |policy|'s <a for="content security policy object">directive
35353535 set</a>, set |source list| to that <a>directive</a>'s
35363536<a for="directive">value</a>.
35373537@@ -3549,7 +3549,7 @@ Content-Type: application/reports+json
3549354935503550 3. Execute [[#report-violation]] on |violation|.
355135513552- 4. If |policy|'s <a for="policy">disposition</a> is "`enforce`",
3552+ 4. If |policy|'s <a for="content security policy object">disposition</a> is "`enforce`",
35533553 return "`Blocked`".
3554355435553555 Note: We compare against the fallback base URL in order to deal correctly with things like
@@ -3592,7 +3592,7 @@ Content-Type: application/reports+json
35923592 Given a {{Document}} or <a for="/">global object</a> |context| and a <a for="/">policy</a>
35933593 |policy|:
359435943595- 1. If |policy|'s <a for="policy">disposition</a> is not "`enforce`", or
3595+ 1. If |policy|'s <a for="content security policy object">disposition</a> is not "`enforce`", or
35963596 |context| is not a {{WorkerGlobalScope}}, then abort this algorithm.
3597359735983598 2. Let |sandboxing flag set| be a new [=/sandboxing flag set=].
@@ -3731,7 +3731,7 @@ Content-Type: application/reports+json
37313731<a>`frame-ancestors`</a> directive <em>overrides</em> the
37323732 \`<code>[:X-Frame-Options:]</code>\` header. If a resource is delivered with
37333733 a <a for="/">policy</a> that includes a <a>directive</a> named
3734-<a>`frame-ancestors`</a> and whose <a for="policy">disposition</a> is
3734+<a>`frame-ancestors`</a> and whose <a for="content security policy object">disposition</a> is
37353735 "`enforce`", then the \`<code>[:X-Frame-Options:]</code>\` header will be
37363736 ignored, per <cite>HTML</cite>'s processing model.
37373737此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。