csp-html-webpack-plugin
csp-html-webpack-plugin copied to clipboard
slackhq
A plugin which, when combined with HTMLWebpackPlugin, adds CSP tags to the HTML output.
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2. Release notes Sourced from json5's releases. v1.0.2 Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [qs](https://github.com/ljharb/qs) from 6.5.2 to 6.5.3. Changelog Sourced from qs's changelog. 6.5.3 [Fix] parse: ignore __proto__ keys (#428) [Fix] utils.merge`: avoid a crash with a null target and a truthy...
Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2. Release notes Sourced from decode-uri-component's releases. v0.2.2 Prevent overwriting previously decoded tokens 980e0bf https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2 v0.2.1 Switch to GitHub workflows 76abc93 Fix issue where decode...
### Description Trying to use this plugin within a static website is opening security holes by default. For example if we follow https://github.com/slackhq/csp-html-webpack-plugin/issues/53, it will add static nonces on a...
### Description Describe your issue here. ### What type of issue is this? (place an `x` in one of the `[ ]`) - [x] bug - [ ] enhancement (feature...
### Description The HTML output has an invalid doctype line like this: ```html ``` This happens even with an extremely minimal configuration file, see below. ### What type of issue...
The last commit was in September 2021, and there are 15 pending pull requests. If this plugin is no longer maintained, please consider updating the README to say so.
### Description The `CspHtmlWebpackPlugin` generates incorrect hashes, causing issues when trying to use the generated CSP. I have created a GitHub repository to reproduce the issue and deployed the site...
