|
CSP
Jakub T. Jankiewicz
(06 Aug 2022 13:55 UTC)
|
|
Re: CSP
Arthur A. Gleckler
(08 Aug 2022 18:28 UTC)
|
|
Re: CSP
Jakub T. Jankiewicz
(08 Aug 2022 20:00 UTC)
|
|
Re: CSP
Arthur A. Gleckler
(08 Aug 2022 20:14 UTC)
|
|
Re: CSP
Vasilij Schneidermann
(08 Aug 2022 20:47 UTC)
|
|
Re: CSP
Arthur A. Gleckler
(03 Oct 2022 21:14 UTC)
|
|
Re: CSP
Jakub T. Jankiewicz
(19 Jan 2023 14:04 UTC)
|
|
Re: CSP
Magnus Ahltorp
(19 Jan 2023 19:50 UTC)
|
|
Re: CSP Jakub T. Jankiewicz (19 Jan 2023 20:10 UTC)
|
Re: CSP Jakub T. Jankiewicz 19 Jan 2023 20:10 UTC
On Thu, 19 Jan 2023 19:50:17 +0000
Magnus Ahltorp <xxxxxx@kth.se> wrote:
> And I definitely don't understand why a bookmarklet wouldn't work in this
> case, that's user configuration, not cross site functionality.
Most used CSP feature is blocking scripts, and allow to load only script
from same domain (or listed domains), so you can't load 3rd party script with:
<script src=""/>
you can only have bookmark that use code inside the bookmark itself, which is
not very useful. No other libraries. It throw error when I try to load
jQuery.
Another usually blocking eval (scheme.org also block this), try to execute:
eval('alert("x")')
on the page.
--
Jakub T. Jankiewicz, Senior Front-End Developer
https://jcubic.pl/me