Like stated in #54 and #56 there are some additions to CSP that the evaluator does not recognize, which makes it inaccurate in analyzing most up-to-date policies. The directives that aren't supported include but aren't limited to:
unsafe-hashesCSP.com, Mozilla
Also, the evaluator gets the some keywords wrong , for example hashes, and autocompletes to sha-512- and sha-384- in stead of sha512- and sha384- which breaks the policy by prodiving inaccurate keywords.
Like stated in #54 and #56 there are some additions to CSP that the evaluator does not recognize, which makes it inaccurate in analyzing most up-to-date policies. The directives that aren't supported include but aren't limited to:
wasm-unsafe-eval#54, Mozillainline-speculation-rules#56unsafe-hashesCSP.com, Mozilla Also, the evaluator gets the some keywords wrong , for example hashes, and autocompletes to sha-512- and sha-384- in stead of sha512- and sha384- which breaks the policy by prodiving inaccurate keywords.