Email list hosting service & mailing list manager

CSP Jakub T. Jankiewicz (06 Aug 2022 13:55 UTC)
Re: CSP Arthur A. Gleckler (08 Aug 2022 18:27 UTC)
Re: CSP Jakub T. Jankiewicz (08 Aug 2022 19:59 UTC)
Re: CSP Arthur A. Gleckler (08 Aug 2022 20:14 UTC)
Re: CSP Vasilij Schneidermann (08 Aug 2022 20:47 UTC)
Re: CSP Arthur A. Gleckler (03 Oct 2022 21:13 UTC)
Re: CSP Jakub T. Jankiewicz (19 Jan 2023 14:04 UTC)
Re: CSP Magnus Ahltorp (19 Jan 2023 19:50 UTC)
Re: CSP Jakub T. Jankiewicz (19 Jan 2023 20:10 UTC)

Re: CSP Jakub T. Jankiewicz 19 Jan 2023 20:10 UTC


On Thu, 19 Jan 2023 19:50:17 +0000
Magnus Ahltorp <xxxxxx@kth.se> wrote:

> And I definitely don't understand why a bookmarklet wouldn't work in this
> case, that's user configuration, not cross site functionality.

Most used CSP feature is blocking scripts, and allow to load only script
from same domain (or listed domains), so you can't load 3rd party script with:

<script src=""/>

you can only have bookmark that use code inside the bookmark itself, which is
not very useful. No other libraries. It throw error when I try to load
jQuery.

Another usually blocking eval (scheme.org also block this), try to execute:

eval('alert("x")')

on the page.

--
Jakub T. Jankiewicz, Senior Front-End Developer
https://jcubic.pl/me