Revision f8dedf60
Added by koszko about 1 year ago
| test/haketilo_test/unit/test_policy_enforcing.py | ||
|---|---|---|
| 31 | 31 |
allow_policy = {'allow': True}
|
| 32 | 32 |
block_policy = {
|
| 33 | 33 |
'allow': False, |
| 34 |
'csp': f"prefetch-src 'none'; script-src-attr 'none'; script-src 'none'; script-src-elem 'none'; frame-src http://* https://*;" |
|
| 34 |
'csp': f"prefetch-src 'none'; script-src-attr 'none'; script-src 'none' 'unsafe-eval'; script-src-elem 'none'; frame-src http://* https://*;"
|
|
| 35 | 35 |
} |
| 36 | 36 |
payload_policy = {
|
| 37 | 37 |
'mapping': 'somemapping', |
| 38 | 38 |
'payload': {'identifier': 'someresource'},
|
| 39 |
'csp': f"prefetch-src 'none'; script-src-attr 'none'; script-src 'nonce-{nonce}'; script-src-elem 'nonce-{nonce}';"
|
|
| 39 |
'csp': f"prefetch-src 'none'; script-src-attr 'none'; script-src 'nonce-{nonce}' 'unsafe-eval'; script-src-elem 'nonce-{nonce}';"
|
|
| 40 | 40 |
} |
| 41 | 41 |
|
| 42 | 42 |
def content_script(): |
Also available in: Unified diff
allow eval() in injected scripts