Thanks for your input. I'll check out your hints. Nonetheless I think that my question wasn't precise enough. What I'm actually thinking about is the following.
Let's assume we have an HTML doc with two inline script areas like <script id="s1"> ... </script> <script id="s2"> ... </script> I want to block "s1", but allow "s2" in the same document. As far as I've understood CSP, it's only possible to block both scripts (by default) or allow both using unsafe-inline. I'd like to avoid "unsafe-inline" and "unsafe-eval" as they soften the policy and instead decide manually which parts to allow and which ones to block. Is there any chance to achieve this with CSP as it is (or maybe by adding some lines of code)? Jeremy _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
