Crosswalk embedded 14.43.343.23

Hi all,

I’m having some issues with enforcing the content security policy when loading 
it through the manifest. 

I’m testing with the most restrictive policy so only local js assets should be 
accessible.

xWalkWebView.loadAppFromManifest("", "{\n" +
    "  \"name\": \"" + name + "\",\n" +
    "  \"start_url\": \"" + url + "\",\n" +
    "  \"csp\": \"script-src 'self'\",\n" +
    "}");

So I should not be able to run external js, or any js within script tags, or 
within eval statements. But I’m able to do all of these without the policy 
being enforced. 

I know the security policy is being parsed because when I use an invalid policy 
it will say “Invalid value of directive: ”.

I’ve run out of ideas for the moment on what else I can try...

So any help would be much appreciated.

Cheers,
Brendan
_______________________________________________
Crosswalk-help mailing list
https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-help
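
As a reference for what the policy quoted in the message above is expected to do, here is an added example (not part of the original post and not Crosswalk code) that models the script checks of a CSP string, so the result can be compared with what the WebView actually allows. The origin https://app.example, the script URLs and all function names are assumptions made for illustration, and source matching is simplified as noted in the comments.

```javascript
// Added example: models what a CSP string should permit for scripts.
// Simplified: handles keywords, '*', scheme sources and exact origins only
// (no nonces, hashes, wildcard hosts or paths).

function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function scriptSources(policy) {
  const d = parseCsp(policy);
  // script-src falls back to default-src; null means scripts are unrestricted.
  return d.get('script-src') ?? d.get('default-src') ?? null;
}

// pageOrigin and scriptUrl are constructed sample inputs, not Crosswalk values.
function expectedScriptBehaviour(policy, pageOrigin, scriptUrl) {
  const sources = scriptSources(policy);
  if (sources === null) return { inline: true, eval: true, url: true };
  const kw = sources.map((s) => s.toLowerCase());
  const target = new URL(scriptUrl, pageOrigin);
  const url = kw.some((s) => {
    if (s === "'none'") return false;
    if (s === "'self'") return target.origin === new URL(pageOrigin).origin;
    if (s === '*') return /^https?:$/.test(target.protocol);
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return target.protocol === s;
    if (s.startsWith("'")) return false; // other keywords never match a URL
    try { return new URL(s).origin === target.origin; } catch { return false; }
  });
  return {
    inline: kw.includes("'unsafe-inline'"), // <script>...</script> blocks
    eval: kw.includes("'unsafe-eval'"),     // eval() and new Function()
    url,                                    // <script src=...> for scriptUrl
  };
}
```

For "script-src 'self'" the model reports inline scripts and eval as blocked and only same-origin script URLs as allowed, which is the behaviour the message expects from an enforced policy.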
