intruxxer / zaproxy

Automatically exported from code.google.com/p/zaproxy

Content Security Policy Passive scan rule #527

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Add a passive scan rule to check CSP for:

Including the options eval-script or inline-script

Including any http resources from an https page

Including a large number of sources

Using an 'excessive' wildcard (like *.com)

Original issue reported on code.google.com by psii...@gmail.com on 19 Feb 2013 at 3:51
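
A sketch of the four checks requested above, as an added example that is not ZAP's rule code or part of the original issue. It assumes a cut-off of 10 sources for "a large number", treats the later `'unsafe-inline'` / `'unsafe-eval'` keywords as equivalent to the `inline-script` / `eval-script` options, and uses hypothetical function and finding names.

```javascript
// Added example; not ZAP code. MAX_SOURCES and the finding names are assumptions.
const MAX_SOURCES = 10; // assumed cut-off for "a large number of sources"
const SCRIPT_DIRECTIVES = new Set(['default-src', 'script-src']);

// Parse a CSP header value into a Map of directive name -> source tokens.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers, so the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// True for a bare "*" host or "*.<single label>" such as "*.com".
// No public-suffix list is consulted, so "*.co.uk" is not flagged.
function isExcessiveWildcard(source) {
  const host = source.replace(/^[a-z][a-z0-9+.-]*:\/\//, '').split(/[\/:]/)[0];
  if (host === '*') return true;
  return host.startsWith('*.') && !host.slice(2).includes('.');
}

// Run the four checks from the issue over one response's policy.
function checkCsp(pageUrl, value) {
  const findings = [];
  const add = (check, directive, detail) => findings.push({ check, directive, detail });
  const pageIsHttps = pageUrl.toLowerCase().startsWith('https://');
  for (const [name, sources] of parseCsp(value)) {
    if (sources.length > MAX_SOURCES) add('many-sources', name, String(sources.length));
    for (const src of sources) {
      const s = src.toLowerCase();
      // Legacy "options" tokens, plus the later 'unsafe-*' keywords for scripts.
      const legacy = name === 'options' && (s === 'inline-script' || s === 'eval-script');
      const modern = SCRIPT_DIRECTIVES.has(name) && (s === "'unsafe-inline'" || s === "'unsafe-eval'");
      if (legacy || modern) add('inline-or-eval', name, src);
      if (pageIsHttps && (s === 'http:' || s.startsWith('http://'))) add('http-on-https', name, src);
      if (isExcessiveWildcard(s)) add('excessive-wildcard', name, src);
    }
  }
  return findings;
}
```

A passive rule would call `checkCsp` with the response URL and the value of its `Content-Security-Policy` header and raise one alert per finding.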

GoogleCodeExporter commented 9 years ago
http://brandon.sternefamily.net/2011/01/update-to-csp-bookmarklet/

Original comment by kingtho...@gmail.com on 26 May 2014 at 6:07