-
`Content-Security-Policy HTTP header: Bad content security policy: Unrecognised directive-name: "require-trusted-types-for".`
ghost updated
2 years ago
-
If a CSP has `script-src: none` or equivalent to forbid script loading, or if it has a `sandbox` directive to forbid script execution, the CSP evaluator shouldn't recommend `requires-trusted-types-for…
-
### ⚠️ 搜索issues中是否已存在类似问题
- [X] 我已经搜索过issues和disscussions,没有跟我遇到的问题相关的issue
### 操作系统类型?
Windows
### 运行的python版本是?
other
### 复现步骤 🕹
执行`docker-compose build`编译命令后出现
### 问题描述 😯
执行编译命令后就会出现
![…
-
After publishing the [XHR vector](https://github.com/shhnjk/cursed_types#xhr-document-response), there was [feedback](https://twitter.com/craigfrancis/status/1493584577457278976) asking to enforce Tru…
-
Works with "chrome" instead of "firefox".
In both cases:
```bash
./wpt run firefox trusted-types/block-string-assignment-to-Element-setAttribute.html
Running 1 tests in web-platform-tests
```
…
-
* https://wpt.fyi/results/trusted-types/block-string-assignment-to-Element-setAttribute.html needs
* test with an attribute (e.g. HTML's `srcdoc`) node created in a different realm. It should be re…
koto updated
5 months ago
-
In order to add Trusted Types support to lit next we need to be able to test it, and it looks like our current test setup has issues.
We're using @web/test-runner with @web/test-runner-mocha, which d…
-
E.g. https://jsfiddle.net/q5kmL492/ is possible.
https://w3c.github.io/trusted-types/dist/spec/#trusted-types-csp-directive requires the policy-name to consist of at least one character.
That mi…
-
### Description
[This existing page](https://www.elastic.co/guide/en/security/current/add-exceptions.html) documents the rules for escaping `\`, `*`, and `?` for rule exceptions with this text
> Som…
-
Not a bug; just a suggestion, as we've had similar ideas to detect DOM XSSes.
Since TTT is a Chrome extension, and is a tool for pentesters/bughunters, you might use Trusted Types [default policy]…