SummerOfCode/2012/UserCSP/WeeklyUpdates/2012-08-06
< SummerOfCode | 2012 | UserCSP
Jump to navigation
Jump to search
« previous week | index | next week »
This Week
Monday, 06 August
- Under CSP, inline Eval() are by default disabled. To allow users to allow or disallow inline Eval() setting for each domain, I added inline Eval() disabled/enabled option to add-on UI under "ALL" tabs.
- Local database of add-on extended to support inline Eval choice of users.
Tuesday, 07 August
- Tested inline Eval() feature added to add-on UI with a webiste I created in VM.
- I setup VM running "www.example.com" website. Its inlineEval.html page is as follows:
<html>
<body>
<a href="javascript:eval(alert('hi'));" >Click here </a>
</body>
</html>
When I clicked on "Click here" button it showed alert prompt with text 'hi'. After I disabled inline Eval for the website using our add-on, the prompt was disallowed, which is the expected result.
Wednesday, 08 August
- Some minor tweaks in add-on UI such as, added spacing between policy label and policy rules for better visibility of policies.
Thursday, 09 August
- policy rules are displayed in Blue color and all other text is in black color in add-on UI.