It seems sufficient to tell Web Inspector that a script was blocked once for the first enforced CSP policy that it violated. Currently we tell Web Inspector that a script was blocked for each enforced CSP policy that it violated. When Web Inspector is notified of a CSP blocked script it pauses script execution. It does not seem very meaningful from a developer's perspective to have Web Inspector pause script execution for the same script because it violated more than one enforced CSP policy. Pausing once with the CSP violation text should provide enough insight for a developer to check all their CSP policies. For completeness, a page can have more than one Content Security Policy if either its HTTP response has more than one Content-Security-Policy HTTP header or it has multiple <meta http-equiv="Content-Security-Policy"> elements (or both).
Created attachment 339689 [details] Patch
Comment on attachment 339689 [details] Patch Good idea! r=me
Comment on attachment 339689 [details] Patch Clearing flags on attachment: 339689 Committed r231443: <https://trac.webkit.org/changeset/231443>
All reviewed patches have been landed. Closing bug.
<rdar://problem/40027826>