csp-html-webpack-plugin
csp-html-webpack-plugin copied to clipboard
slackhq
A plugin which, when combined with HTMLWebpackPlugin, adds CSP tags to the HTML output.
### Description The hash is wrong when the index.html EOL is CRLF ### What type of issue is this? (place an `x` in one of the `[ ]`) - [x]...
Bumps [terser](https://github.com/terser/terser) from 4.8.0 to 4.8.1. Changelog Sourced from terser's changelog. v4.8.1 (backport) Security fix for RegExps that should not be evaluated (regexp DDOS) Commits See full diff in compare...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7. Release notes Sourced from node-fetch's releases. v2.6.7 Security patch release Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th...
Bumps [jsdom](https://github.com/jsdom/jsdom) from 16.4.0 to 16.7.0. Release notes Sourced from jsdom's releases. Version 16.7.0 Added AbortSignal.abort(). (ninevra) Added dummy x and y properties to the return value of getBoundingClientRect(). (eiko)...
### Description nonce values are being added to the script and style tags in my HTML, but the nonces aren't in the CSP string itself. This appears similar to https://github.com/slackhq/csp-html-webpack-plugin/issues/93...
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. Commits 7efb22a 1.2.6 ef88b93 security notice for additional prototype pollution issue c2b9819 isConstructorOrProto adapted from PR bc8ecee test from prototype pollution PR See full...
### Description The **CspHtmlWebpackPlugin** is a plugin made for Webpack, but **doesn't integrate** with the Angular build process anymore. Since **Angular 8+** will generate the `index.html` outside the Webpack build...
### Summary Due to Windows file paths, jest wasn't able to find any test files and due to rm not being available on Windows, coverage could not be created. Updating...
### Description According to [Mozilla's documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src), CSP3 allows for the `-` attribute of `script-src` to be applied for external scripts. As I understand it (based on reading #35 and trying...
### Summary Providing a single boolean value to either of these options will now apply the value to each provided policy directive. Closes slackhq/csp-html-webpack-plugin#98 ### Requirements (place an `x` in...