-
The value for [`base-uri`](https://w3c.github.io/webappsec-csp/#directive-base-uri) is a [`serialized-source-list`](https://w3c.github.io/webappsec-csp/#grammardef-serialized-source-list), which means…
-
Similar to #517 but specifically addresses browser security.
Content-Security-Policy and x-xss headers
-
- Site: [https://alcs-dev.apps.silver.devops.gov.bc.ca](https://alcs-dev.apps.silver.devops.gov.bc.ca)
**New Alerts**
- **CSP: Wildcard Directive** [10055] total: 4:
- [https://alcs-dev.apps…
-
**Describe the bug**
When a website includes a script that's hosted on a DNSLink domain, and has a restrictive Content Security Policy, the scripts fail to load, and the website doesn't function pro…
-
- Site: [https://www.zaproxy.org](https://www.zaproxy.org)
**New Alerts**
- **Hash Disclosure - Mac OSX salted SHA-1** [10097] total: 1:
- [https://www.zaproxy.org/pdf/ZAPGettingStartedGuide…
-
- Site: [http://localhost:8090](http://localhost:8090)
**New Alerts**
- **CSP: Wildcard Directive** [10055] total: 2:
- [http://localhost:8090](http://localhost:8090)
- [http://localhost:…
-
https://github.com/jquery/jquery/issues/5365#issuecomment-1819261993
Placeholder issue for jQuery 4.0.0 compatibility / issues.
-
For our application we have a few HTML documents which are provided by an external API, which we then inject into a shadow DOM to render to the user in a modal.
Because these documents contain some…
-
`script-src 'sha256-CihokcEcBW4atb_CW_XWsvWwbTjqwQlE9nj9ii5ww5M='` is a valid CSP, per the [hash-source grammar](https://w3c.github.io/webappsec-csp/#grammardef-hash-source). Note the base64url-encode…
-
- Site: [https://www.google.com](https://www.google.com)
**New Alerts**
- **PII Disclosure** [10062] total: 12:
- [https://www.google.com/forms/about/](https://www.google.com/forms/about/)
…