CSP 3 adds two new directives that supersede the script-src directive. These must be honored if present, with a fallback to script-src only if they are not present. The attributes allow finer control for allowing scripts only in script blocks or script attributes (event handlers).
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1529337 Standard: https://w3c.github.io/webappsec-csp/#csp-directives Platform Coverage: all Tests: Various web-platform-tests Other Browsers: - Chrome: Implemented in 79 - Safari: MDN claims this in Tech Preview -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CA%2BCWiYia0zafa_6-65o2%2BQruiuTeB26qNntS%2B0D_asoyo5vrCw%40mail.gmail.com.
