зеркало из https://github.com/mozilla/gecko-dev.git
95 строки
1.0 KiB
Plaintext
95 строки
1.0 KiB
Plaintext
### dom/security/nsCSPParser.cpp
|
|
# tokens
|
|
":"
|
|
";"
|
|
"/"
|
|
"+"
|
|
"-"
|
|
"."
|
|
"_"
|
|
"~"
|
|
"*"
|
|
"'"
|
|
"#"
|
|
"?"
|
|
"%"
|
|
"!"
|
|
"$"
|
|
"&"
|
|
"("
|
|
")"
|
|
"="
|
|
"@"
|
|
|
|
### https://www.w3.org/TR/{CSP,CSP2,CSP3}/
|
|
# directive names
|
|
"default-src"
|
|
"script-src"
|
|
"object-src"
|
|
"style-src"
|
|
"img-src"
|
|
"media-src"
|
|
"frame-src"
|
|
"font-src"
|
|
"connect-src"
|
|
"report-uri"
|
|
"frame-ancestors"
|
|
"reflected-xss"
|
|
"base-uri"
|
|
"form-action"
|
|
"manifest-src"
|
|
"upgrade-insecure-requests"
|
|
"child-src"
|
|
"block-all-mixed-content"
|
|
"sandbox"
|
|
"worker-src"
|
|
"plugin-types"
|
|
"disown-opener"
|
|
"report-to"
|
|
|
|
# directive values
|
|
"'self'"
|
|
"'unsafe-inline'"
|
|
"'unsafe-eval'"
|
|
"'none'"
|
|
"'strict-dynamic'"
|
|
"'unsafe-hashed-attributes'"
|
|
"'nonce-AA=='"
|
|
"'sha256-fw=='"
|
|
"'sha384-/w=='"
|
|
"'sha512-//8='"
|
|
|
|
# subresources
|
|
"a"
|
|
"audio"
|
|
"embed"
|
|
"iframe"
|
|
"img"
|
|
"link"
|
|
"object"
|
|
"script"
|
|
"source"
|
|
"style"
|
|
"track"
|
|
"video"
|
|
|
|
# sandboxing flags
|
|
"allow-forms"
|
|
"allow-pointer-lock"
|
|
"allow-popups"
|
|
"allow-same-origin"
|
|
"allow-scripts"
|
|
"allow-top-navigation"
|
|
|
|
# URI components
|
|
"https:"
|
|
"ws:"
|
|
"blob:"
|
|
"data:"
|
|
"filesystem:"
|
|
"javascript:"
|
|
"http://"
|
|
"selfuri.com"
|
|
"127.0.0.1"
|
|
"::1"
|