Hello, I'm not sure, if this is the right place to ask. Please tell, if I should ask in another group.
I've started working on a modification of Content Security Policy. I've tried shouldLoad() in nsIContentPolicy to block script elements, that is TYPE_SCRIPT = 2. However, it seems that this method is only able to recognize external scripts loaded via <script src="...">. All inline scripts on a page are ignored. My questions: Am I right about this? If yes, is there any other possibility to catch inline scripts? Thanks for your comments. Jeremy _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
