Hello,

after reading through many lines of code to understand CSP implementation in FF 
I'm still a bit confused.

How exactly is the code flow when one opens a web site in FF that uses a CSP 
policy? I mean, I've checked files like contentSecurityPolicy.js, CSPUtils.jsm, 
nsIContentPolicy.h and several more, but I still don't get it right.

Do you know of any helpful documentation, scheme, comment or whatsoever that 
helps understanding better, how FF
- recognizes a CSP policy
- checks the policy values
- uses functionality to block certain elements (in detail)
- handles inline scripts?

I've read all the "theoretical" papers on W3C, Mozilla, etc. I could get my 
hands on, but in fact I've found very little that describes the FF 
implementation of CSP in more detail.

Any idea, friends?

Best Regards,
Jeremy
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
