Security/CSP/Spec: Difference between revisions

Line 216: Line 216:
* The value of this directive is a space-separated list of LDH tokens, each specifying a feature to enable or disable:
* The value of this directive is a space-separated list of LDH tokens, each specifying a feature to enable or disable:
** <tt>inline-script</tt> enables inline scripts and <tt>javascript:</tt> URIs
** <tt>inline-script</tt> enables inline scripts and <tt>javascript:</tt> URIs
** <tt>eval-script</tt> enables the <tt>eval()</tt> functionality of scripts interpreted by the browser, and allows code to be created from strings in uses of <tt>setTimeout</tt> and <tt>setInterval</tt>
** <tt>eval-script</tt> enables the <tt>eval()</tt> functionality of scripts interpreted by the browser, and allows code to be created from strings in uses of the <tt>new Function()</tt> constructor, <tt>setTimeout</tt> and <tt>setInterval</tt>
* Any tokens not recognized by CSP are ''ignored'', and a non-fatal warning is posted to the error console.
* Any tokens not recognized by CSP are ''ignored'', and a non-fatal warning is posted to the error console.
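Review bot: in the revised <tt>eval-script</tt> item, the phrase "in uses of the <tt>new Function()</tt> constructor, <tt>setTimeout</tt> and <tt>setInterval</tt>" leaves it to the reader to infer that the two timer functions are covered only when they are passed a string. Suggest saying so explicitly, for example "and in calls to <tt>setTimeout</tt> and <tt>setInterval</tt> that pass a string rather than a function". Otherwise an implementer could read the token as gating every timer call. The same item now names three separate string-to-code paths besides <tt>eval()</tt>, so a nested sub-list under <tt>eval-script</tt> would be easier to scan and to extend than one long sentence.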

