TerribleDev/HardHat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add missing quotes for unsafe-inline

Browse Source
This commit is contained in:
Tommy Parnell
2019-02-03 17:23:33 -05:00
parent 1f1c9ebd96
commit 13f2ed4531
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/HardHat/CSPConstants.cs
View File

@@ -18,11 +18,11 @@ namespace HardHat
/// <summary> /// <summary>
/// Allows the use of inline resources, such as inline <script> elements, javascript: URLs, inline event handlers, and inline <style> elements. You must include the single quotes. /// Allows the use of inline resources, such as inline <script> elements, javascript: URLs, inline event handlers, and inline <style> elements. You must include the single quotes.
/// </summary> /// </summary>
public const string UnsafeInline = "unsafe-inline"; public const string UnsafeInline = "'unsafe-inline'";
/// <summary> /// <summary>
/// Allows the use of eval() and similar methods for creating code from strings. You must include the single quotes. /// Allows the use of eval() and similar methods for creating code from strings. You must include the single quotes.
/// </summary> /// </summary>
public const string UnsafeEval = "unsafe-eval"; public const string UnsafeEval = "'unsafe-eval'";
/// <summary> /// <summary>
/// Refers to the empty set; that is, no URLs match. The single quotes are required. /// Refers to the empty set; that is, no URLs match. The single quotes are required.
/// </summary> /// </summary>
@@ -30,7 +30,7 @@ namespace HardHat
/// <summary> /// <summary>
/// The strict-dynamic source expression specifies that the trust explicitly given to a script present in the markup, by accompanying it with a nonce or a hash, shall be propagated to all the scripts loaded by that root script. At the same time, any whitelist or source expressions such as 'self' or 'unsafe-inline' will be ignored. /// The strict-dynamic source expression specifies that the trust explicitly given to a script present in the markup, by accompanying it with a nonce or a hash, shall be propagated to all the scripts loaded by that root script. At the same time, any whitelist or source expressions such as 'self' or 'unsafe-inline' will be ignored.
/// </summary> /// </summary>
public const string StrictDynamic = "strict-dynamic"; public const string StrictDynamic = "'strict-dynamic'";
/// <summary> /// <summary>
/// A whitelist for specific inline scripts using a cryptographic nonce (number used once). The server must generate a unique nonce value each time it transmits a policy. It is critical to provide an unguessable nonce, as bypassing a resources policy is otherwise trivial. See unsafe inline script for an example. /// A whitelist for specific inline scripts using a cryptographic nonce (number used once). The server must generate a unique nonce value each time it transmits a policy. It is critical to provide an unguessable nonce, as bypassing a resources policy is otherwise trivial. See unsafe inline script for an example.
/// </summary> /// </summary>