Revision f8dedf60
Added by koszko about 1 year ago
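--- a/test/haketilo_test/unit/test_policy_enforcing.py
+++ b/test/haketilo_test/unit/test_policy_enforcing.py
@@ -31,12 +31,12 @@
 allow_policy = {'allow': True}
 block_policy = {
 'allow': False,
-'csp': f"prefetch-src 'none'; script-src-attr 'none'; script-src 'none'; script-src-elem 'none'; frame-src http://* https://*;"
+'csp': f"prefetch-src 'none'; script-src-attr 'none'; script-src 'none' 'unsafe-eval'; script-src-elem 'none'; frame-src http://* https://*;"
 }
 payload_policy = {
 'mapping': 'somemapping',
 'payload': {'identifier': 'someresource'},
-'csp': f"prefetch-src 'none'; script-src-attr 'none'; script-src 'nonce-{nonce}'; script-src-elem 'nonce-{nonce}';"
+'csp': f"prefetch-src 'none'; script-src-attr 'none'; script-src 'nonce-{nonce}' 'unsafe-eval'; script-src-elem 'nonce-{nonce}';"
 }
 
 def content_script():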
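Review bot: The new expected `block_policy` value reads `script-src 'none' 'unsafe-eval'`, and CSP parsers ignore `'none'` once another source expression sits beside it, so the blocking case now relies on `'unsafe-eval'` matching no script URL or inline script rather than on `'none'` itself. Script loading should still be refused, but the fixture gives no hint of that dependency; a comment above the dict such as `# 'none' is ignored next to 'unsafe-eval'; the list still matches no script source, only eval() is allowed` would stop a later edit from adding a source that silently unblocks pages. In `payload_policy` the same keyword lets any nonce-carrying script evaluate strings, so it is worth recording here that injected payloads are expected to keep page-controlled data out of eval(). As far as this hunk shows the strings are only compared literally; a check that a blocked page's own script still does not run under the new policy may exist elsewhere in the file, which is outside the view, as is the body of `content_script()`.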
allow eval() in injected scripts