Revision f8dedf60
Added by koszko about 1 year ago
| test/haketilo_test/unit/test_webrequest.py | ||
|---|---|---|
| 85 | 85 |
payload_csp_header = {
|
| 86 | 86 |
'name': f'Content-Security-Policy', |
| 87 | 87 |
'value': ("prefetch-src 'none'; script-src-attr 'none'; "
|
| 88 |
f"script-src '{nonce}'; script-src-elem '{nonce}';")
|
|
| 88 |
f"script-src '{nonce}' 'unsafe-eval'; script-src-elem '{nonce}';")
|
|
| 89 | 89 |
} |
| 90 | 90 |
|
| 91 | 91 |
sample_payload_headers = [ |
| ... | ... | |
| 107 | 107 |
sample_blocked_headers.append({
|
| 108 | 108 |
'name': f'Content-Security-Policy', |
| 109 | 109 |
'value': ("prefetch-src 'none'; script-src-attr 'none'; "
|
| 110 |
f"script-src 'none'; script-src-elem 'none';")
|
|
| 110 |
"script-src 'none' 'unsafe-eval'; script-src-elem 'none';")
|
|
| 111 | 111 |
}) |
| 112 | 112 |
|
| 113 | 113 |
@pytest.mark.get_page('https://gotmyowndoma.in')
|
Also available in: Unified diff
allow eval() in injected scripts