CSP filters: add explicit style-src-elem handling and improve unit tests

See ChatGPT conversation: https://chatgpt.com/share/68b4a82c-e0c8-800f-9273-9165ce1aa8d6
2025-08-31 21:53:39 +02:00
parent 1dbd714a56
commit d0cec9a7d4


@@ -111,17 +111,18 @@ class FilterModule(object):
"""
try:
directives = [
'default-src',
'connect-src',
'frame-ancestors',
'frame-src',
'script-src',
'script-src-elem',
'style-src',
'font-src',
'worker-src',
'manifest-src',
'media-src',
'default-src', # Fallback source list for all content types not explicitly listed
'connect-src', # Controls allowed URLs for XHR, WebSockets, EventSource, and fetch()
'frame-ancestors', # Restricts which parent frames can embed this page via <iframe>, <object>, <embed>, <applet>
'frame-src', # Controls allowed sources for nested browsing contexts like <iframe>
'script-src', # Controls allowed sources for inline scripts and <script> elements (general script execution)
'script-src-elem', # Controls allowed sources specifically for <script> elements (separate from inline/event handlers)
'style-src', # Controls allowed sources for inline styles and <style>/<link> elements (general styles)
'style-src-elem', # Controls allowed sources specifically for <style> and <link rel="stylesheet"> elements
'font-src', # Controls allowed sources for fonts loaded via @font-face
'worker-src', # Controls allowed sources for web workers, shared workers, and service workers
'manifest-src', # Controls allowed sources for web app manifests
'media-src', # Controls allowed sources for media files like <audio> and <video>
]
parts = []