diff options
author | Wojtek Kosior <koszko@koszko.org> | 2022-06-01 18:14:09 +0200 |
---|---|---|
committer | Wojtek Kosior <koszko@koszko.org> | 2022-06-10 14:13:57 +0200 |
commit | f8dedf60638bffde3f92116db3f418d2e6260e80 (patch) | |
tree | aa6da7b69f0db5c17c643505eaf9f2d8053d2daf /test/haketilo_test/unit/test_webrequest.py | |
parent | 9bee4afaab8b89613e5e504829bdd4fae204e134 (diff) | |
download | browser-extension-f8dedf60638bffde3f92116db3f418d2e6260e80.tar.gz browser-extension-f8dedf60638bffde3f92116db3f418d2e6260e80.zip |
allow eval() in injected scripts
Diffstat (limited to 'test/haketilo_test/unit/test_webrequest.py')
-rw-r--r-- | test/haketilo_test/unit/test_webrequest.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/test/haketilo_test/unit/test_webrequest.py b/test/haketilo_test/unit/test_webrequest.py index 1244117..dc329b8 100644 --- a/test/haketilo_test/unit/test_webrequest.py +++ b/test/haketilo_test/unit/test_webrequest.py @@ -85,7 +85,7 @@ nonce = f'nonce-{sha256(nonce_source).digest().hex()}' payload_csp_header = { 'name': f'Content-Security-Policy', 'value': ("prefetch-src 'none'; script-src-attr 'none'; " - f"script-src '{nonce}'; script-src-elem '{nonce}';") + f"script-src '{nonce}' 'unsafe-eval'; script-src-elem '{nonce}';") } sample_payload_headers = [ @@ -107,7 +107,7 @@ sample_blocked_headers.append(sample_csp_header) sample_blocked_headers.append({ 'name': f'Content-Security-Policy', 'value': ("prefetch-src 'none'; script-src-attr 'none'; " - f"script-src 'none'; script-src-elem 'none';") + "script-src 'none' 'unsafe-eval'; script-src-elem 'none';") }) @pytest.mark.get_page('https://gotmyowndoma.in') |