Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-15 01:17:36 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] one page modified

Browse source
This commit is contained in:
CPol 2020-07-23 11:40:49 +00:00 committed by gitbook-bot
parent a61d9efa5f
commit 96f0f8a126
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pentesting-web/content-security-policy-csp-bypass.md
View file

@ -2,7 +2,7 @@
## What is CSP
Content Security Policy or CSP is a built-in browser technology which **helps protect from attacks such as cross-site scripting \(XSS\)**. It lists and describes paths and sources, from which the browser can safely load resources. The resources may include images, frames, javascript and more.Here is an example of allowing resource from the local domain \(self\) to be loaded and executed in-line and allow string code executing functions like `eval`, `setTimeout` or `setInterval:`
Content Security Policy or CSP is a built-in browser technology which **helps protect from attacks such as cross-site scripting \(XSS\)**. It lists and describes paths and sources, from which the browser can safely load resources. The resources may include images, frames, javascript and more. Here is an example of allowing resource from the local domain \(self\) to be loaded and executed in-line and allow string code executing functions like `eval`, `setTimeout` or `setInterval:`
`Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval';`