Information
Does the problem still occur in the latest version of Prism?
Yes.
Description
As stated in CSP 1.0, CSP 1.1, CSP2, and CSP3, values of directives may be omitted.
For example, empty values of default-src, script-src, style-src, etc., are equivalent to 'none' (see CSP 1.0, CSP 1.1, CSP2, CSP3).
Some directives don’t have values at all. These are block-all-mixed-content, upgrade-insecure-requests, etc.
However, Prism doesn’t recognize the following values:
We could use trailing spaces (block-all-mixed-content ), but this looks ugly. We could use trailing semicolons (block-all-mixed-content;), but CSP allows semicolons only as delimiters. Moreover, sandbox may or may not have a value, but the following doesn’t work either.
sandbox;
I think spaces and semicolons should be removed from this regular expression.
May I suggest the following as a replacement?
/\b(?:base-uri|block-all-mixed-content|(?:child|connect|default|font|frame|img|manifest|media|object|script|style|worker)-src|disown-opener|form-action|frame-ancestors|plugin-types|referrer|reflected-xss|report-to|report-uri|require-sri-for|sandbox|upgrade-insecure-requests)\b/i
Code snippet
The code being highlighted incorrectly.
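An added example, not part of the original issue or of Prism's code: it runs the replacement pattern proposed above over constructed policies to show that valueless directives at the end of a policy are matched, and where `\b` alone over-matches (a hostname containing a keyword, or a longer CSP3 name such as script-src-elem that is not in the issue's list). The `ANCHORED` variant, the function name and the sample policies are assumptions made for illustration.

```javascript
// Added example. The alternation is copied from the pattern proposed in the issue.
const NAMES = "base-uri|block-all-mixed-content|(?:child|connect|default|font|frame|img|manifest|media|object|script|style|worker)-src|disown-opener|form-action|frame-ancestors|plugin-types|referrer|reflected-xss|report-to|report-uri|require-sri-for|sandbox|upgrade-insecure-requests";

// The proposed pattern: word boundaries on both sides, no trailing space or ';'.
const PROPOSED = new RegExp("\\b(?:" + NAMES + ")\\b", "gi");

// Hypothetical stricter variant (an assumption, not from the issue or Prism):
// a name counts only at the start of the policy or right after a ';', and
// must be followed by whitespace, ';' or end of input.
const ANCHORED = new RegExp("(?<=^\\s*|;\\s*)(?:" + NAMES + ")(?=\\s|;|$)", "gi");

// Return every substring the given pattern would mark as a directive name.
function directiveMatches(policy, pattern) {
  return Array.from(policy.matchAll(pattern), (m) => m[0]);
}

// Constructed sample policies (not taken from the issue).
const SAMPLES = [
  "default-src 'self'; block-all-mixed-content",  // valueless, end of input
  "sandbox; upgrade-insecure-requests",           // optional value omitted
  "img-src https://sandbox.example.com; sandbox", // keyword inside a source
  "script-src-elem 'self'",                       // CSP3 name not in the list
];

for (const policy of SAMPLES) {
  console.log(policy);
  console.log("  proposed:", directiveMatches(policy, PROPOSED));
  console.log("  anchored:", directiveMatches(policy, ANCHORED));
}
```

With `\b` only, the third sample marks the hostname label as a directive and the fourth marks the `script-src` prefix of a longer name; the anchored variant matches neither.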