Open mtxadmin opened 7 months ago
Some stackoverflow: https://stackoverflow.com/questions/55115912/how-does-the-data-attribute-in-the-attribute-src-of-script-tag-work https://stackoverflow.com/questions/41394983/how-to-defer-inline-javascript (maybe it is defer effects) https://stackoverflow.com/questions/383405/embed-javascript-as-base64
The CSP used for inline-script
does not exclude data:
, I can't remember why.
Until I make a decision, you can use something like:
||carservic.ru^$csp=script-src 'self' *
Prerequisites
I tried to reproduce the issue when...
Description
It turns out than $inline-script construction cannot block inline scripts that added through
A specific URL where the issue occurs.
Steps to Reproduce
Expected behavior
JS scripts from the site are not running and not interfere with copypasting
Actual behavior
some JS scripts are running and adding "Source:" ad suffixes when user copies text from the page
uBO version
1.56.0
Browser name and version
Tested on Mozilla and Opera
Operating System and version
Windows