On 2/19/13 12:19 PM, jeremy.ral...@gmx.ch wrote:
I've started working on a modification of Content Security Policy. I've tried shouldLoad() in
nsIContentPolicy to block script elements, that is TYPE_SCRIPT = 2. However, it seems that this
method is only able to recognize external scripts loaded via <script
src="...">. All inline scripts on a page are ignored.
My questions: Am I right about this? If yes, is there any other possibility to
catch inline scripts?
There is no ShouldLoad() for inline scripts, since there is nothing to load.
Arguably there should be a ShouldProcess; it's possible there isn't one
right now.
-Boris
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
