I have created a JavaScript variable and when I click on the button it should increment by 1, but it's not happening.  Here's manifest.json.  {   "name":"Facebook",   "version":"1.0",   "description":"...
I'm making a chrome extension however I seem to get the following error when I try to fire up an onclick() event.   Refused to load the script 'https://apis.google.com/js/client.js?onload=handleClientLoad' because it violates the followin...
I am wondering about the quote from the specification: (https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html)     To reap the greatest benefit, authors will need to move all inline script and style out-of-line, f...
The Chrome API's Manifest version 2 has removed the ability to do unsafe-eval. This means using the eval function or in general dynamically creating a function from text.   It seems like most if not all JavaScript Templating Engines do this. I wa...
Whilst using CSP for a slightly different purpose (sandboxing) I realized that a very simple auto clicked link seems to bypass even relatively strict CSP. What I am describing is the following:  Content security policy:  default-src 'none'; s...
I don't know where to apply the Content Security Policy (CSP) snippet below in my code;  Content-Security-Policy: script-src 'self' https://apis.google.com   Should it be in the HTML?  Will it be best implemented in JavaScript as in the c...
I'm using Apache 2.4 and I'm trying to implement Content Security Policy. I have set the following header in my httpd.conf  Header set Content-Security-Policy "default 'none'; script-src 'self'"   Now, I have inline ja...
I am making a chrome extension that will open all links on a page in new tabs.  Here are my code files:  manifest.json  {   "name": "A browser action which changes its icon when clicked.",   "version": "1.1",     "...
I'm trying to use MathJax as part of our web application which uses pretty strict Content Security Policy (CSP). The problem is that MathJax is coded to use eval() [to be exact, in form of Function()] which is not considered safe by default by CS...
I have a webpage (say origin=A) that has an iframe embedded in it which loads from a different domain (say B). B loads a bunch of scripts from different domains (various CDNs). My webpage A sets pretty strict CSP like:     default-src 'none'; scri...
