Open achvo opened 4 years ago
I can reproduce.
It's not even about the character encoding, just having an empty meta tag causes the CSP directive to take effect. This looks like a Firefox issue to me, whether the CSP directive takes effect or not should not depend on the existence of another meta tag.
Prerequisites
Description
Blocking JavaScript does not work in local html files (file://...) if the character encoding is not specified. This bug does not occur if the character encoding is specified.
A specific URL where the issue occurs
See Steps to Reproduce.
Steps to Reproduce
* * script block
file://pathToFile/test.html).
Ruleset
Default + * * script block
Supporting evidence
Your environment