Security/CSP/Spec: Difference between revisions

Line 230: Line 230:
* Scripts from non-approved sources will not be requested or loaded.
* Scripts from non-approved sources will not be requested or loaded.
* If script-src is not explicitly specified, script requests are subject to the allow directive.
* If script-src is not explicitly specified, script requests are subject to the allow directive.
* Sites may opt-out of the [[Security/CSP/Spec#No_inline_scripts_will_execute|"No inline script"]] restriction by adding the <tt>'inline'</tt> keyword to the script-src directive
* Sites may opt-out of the [[Security/CSP/Spec#No_inline_scripts_will_execute|"No inline script"]] restriction by adding the <tt>'inline-script'</tt> token to the <tt>options</tt> directive
* Sites may opt-out of the [[Security/CSP/Spec#Code_will_not_be_created_from_strings|"No code from strings"]] restriction by adding the <tt>'eval'</tt> keyword to the script-src directive
* Sites may opt-out of the [[Security/CSP/Spec#Code_will_not_be_created_from_strings|"No code from strings"]] restriction by adding the <tt>'eval-script'</tt> token to the <tt>options</tt> directive


===object-src===
===object-src===
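
Review bot: The two revised opt-out bullets now name tokens of the <tt>options</tt> directive ('inline-script', 'eval-script') but still sit in the script-src list with no link to where <tt>options</tt> is defined, and they do not say how a policy that still carries the old <tt>'inline'</tt> or <tt>'eval'</tt> keyword in script-src is treated. Suggest linking the <tt>options</tt> section from both bullets and stating whether those script-src keywords are now ignored or rejected, so an implementer cannot read a legacy policy as relaxing the inline-script or code-from-strings restriction. Both bullets also lack the terminal period that the two preceding bullets use.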