Ptt 大爆卦 | script-src csp - 前往 https://portswigger.net/web-security/cross-site-scripting/content-security-policy

你即將離開本站

並前往https://portswigger.net/web-security/cross-site-scripting/content-security-policy

Content security policy | Web Security Academy

Mitigating XSS attacks using CSP. The following directive will only allow scripts to be loaded from the same origin as the page itself: script-src 'self'.

確定！回上一頁

查詢「script-src csp」的人也找了：

csp script-src nonce

script-src unsafe-inline

csp unsafe-eval

script src用法

csp: script-src unsafe-inline

script-src-elem

csp script-src self

script-src 'self' 'unsafe-inline'