Canmove, confirm
1,537
edits
Changes
m
→Directives
** <tt>inline-script</tt> enables inline scripts and <tt>javascript:</tt> URIs
** <tt>eval-script</tt> enables the <tt>eval()</tt> functionality of scripts interpreted by the browser, and allows code to be created from strings in uses of the <tt>new Function()</tt> constructor, <tt>setTimeout</tt> and <tt>setInterval</tt>
* User Agents must MUST ignore any tokens not recognized by CSP, and SHOULD post a non-fatal warning to the error console.
;img-src:
