Project

General

Profile

Feature #34

improve CSP injection blocking

Added by koszko about 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Start date:
07/01/2021
Due date:
% Done:

0%

Estimated time:

Description

There are some possible pathological cases like <script> before <head>. We should make sure CSP <meta> tag we injects works for all corner cases.

Keep in mind we also have another script-blocking mechanisms employed simultaneously, so this is not as bad as it might seem.

History

#1

Updated by koszko about 2 years ago

  • Description updated (diff)

Update: we might be able to just inject <meta> at the very beginning of the document. Browsers seem to be able to deal with such oddity (they actually create a <head> for it)

#2

Updated by koszko almost 2 years ago

  • Status changed from New to Closed

Can be considered done as part of #78

Also available in: Atom PDF