If you are working on modifications to CSP, nsIContentSecurityPolicy might be the better place to start. In particular, see 'allowsinlinescript' http://mxr.mozilla.org/mozilla-central/source/content/base/public/nsIContentSecurityPolicy.idl#16 looking at the setters/getters/callers for that should provide direction.
Hope that helps. --dev On 19 February 2013 10:45, Boris Zbarsky <bzbar...@mit.edu> wrote: > On 2/19/13 12:19 PM, jeremy.ral...@gmx.ch wrote: > >> I've started working on a modification of Content Security Policy. I've >> tried shouldLoad() in nsIContentPolicy to block script elements, that is >> TYPE_SCRIPT = 2. However, it seems that this method is only able to >> recognize external scripts loaded via <script src="...">. All inline >> scripts on a page are ignored. >> >> My questions: Am I right about this? If yes, is there any other >> possibility to catch inline scripts? >> > > There is no ShouldLoad() for inline scripts, since there is nothing to > load. > > Arguably there should be a ShouldProcess; it's possible there isn't one > right now. > > -Boris > > ______________________________**_________________ > dev-security mailing list > dev-security@lists.mozilla.org > https://lists.mozilla.org/**listinfo/dev-security<https://lists.mozilla.org/listinfo/dev-security> > _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
