Revision f8dedf60
Added by koszko about 1 year ago
test/haketilo_test/unit/test_webrequest.py | ||
---|---|---|
85 | 85 |
payload_csp_header = { |
86 | 86 |
'name': f'Content-Security-Policy', |
87 | 87 |
'value': ("prefetch-src 'none'; script-src-attr 'none'; " |
88 |
f"script-src '{nonce}'; script-src-elem '{nonce}';") |
|
88 |
f"script-src '{nonce}' 'unsafe-eval'; script-src-elem '{nonce}';")
|
|
89 | 89 |
} |
90 | 90 |
|
91 | 91 |
sample_payload_headers = [ |
... | ... | |
107 | 107 |
sample_blocked_headers.append({ |
108 | 108 |
'name': f'Content-Security-Policy', |
109 | 109 |
'value': ("prefetch-src 'none'; script-src-attr 'none'; " |
110 |
f"script-src 'none'; script-src-elem 'none';")
|
|
110 |
"script-src 'none' 'unsafe-eval'; script-src-elem 'none';")
|
|
111 | 111 |
}) |
112 | 112 |
|
113 | 113 |
@pytest.mark.get_page('https://gotmyowndoma.in') |
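Review bot: The expected header for blocked pages (new line 110) now pairs `'none'` with `'unsafe-eval'`, and nothing in the test says why a page whose scripts are blocked should still permit eval(). In a CSP source list `'none'` only carries its blocking meaning when it is the sole expression, so browsers will most likely ignore it here and treat the directive as `script-src 'unsafe-eval'`. Script loading stays blocked because no source is listed, but the string reads as contradictory and can draw a console warning. Going by the commit title, eval() is presumably needed by scripts the extension itself injects, so I would put a comment above the `sample_blocked_headers.append` call such as `# 'unsafe-eval' lets injected scripts call eval(); with no script source listed, page scripts remain blocked`. The same reasoning belongs next to `payload_csp_header` at new line 88, where eval() becomes available to any script that carries the nonce.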
allow eval() in injected scripts