Hello together, I know that I can block external sources like images, scripts, styles etc. by checking their origin in shouldLoad() of nsIContentPolicy.
However, inline scripts are not "loaded" so this method doesn't apply. My questions are: 1.) Do I have to use shouldProcess() to check inline scripts? 2.) For what types is shouldProcess() used after all? Same as shouldLoad()? While shouldLoad() is quite clear I didn't fully understand the meaning of shouldProcess(). The intention behind these questions is that I want to send an identifier for some inline script tag via a new CSP rule, check if an existing inline script tag owns this identifier and allow its execution only in this case. Best Regards, Jeremy _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
