
CSP prevents styling of the syntax page

Open C-Ezra-M opened this issue 2 years ago • 0 comments

The page https://pokepast.es/syntax.html is unstyled because of the CSP script-src and style-src rules being set to 'self'. The following appeared in the browser console:

Content Security Policy: Ustawienia strony zablokowały wczytanie zasobu „inline” („script-src”). moz-extension:2132:49
Content Security Policy: Ustawienia strony zablokowały wczytanie zasobu „inline” („style-src”). [syntax.html:6:1](https://pokepast.es/syntax.html)
Content Security Policy: Ustawienia strony zablokowały wczytanie zasobu „inline” („style-src”). [syntax.html:28:1](https://pokepast.es/syntax.html)
Content Security Policy: Ustawienia strony zablokowały wczytanie zasobu „inline” („script-src”). [syntax.html:88:1](https://pokepast.es/syntax.html)

Don't mind that these are in Polish; they just say that the set CSP rules caused the page to refuse to load inline scripts and styles.

The best this can be set to is 'unsafe-eval' for both.

Even if this is fixed, the script that adds the styling for stats will never work because of a misconstructed condition. Instead, this should be used:

if (document.cookie.split(/;\s+/g).includes("eviv=true")) {
    //...
}

C-Ezra-M • Nov 15 '22 21:11
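The console messages above come from the browser's inline check, modelled here in simplified form as an added example (not part of the issue or of the pokepaste code). The `'self'`-only policy string follows the issue's description; `parseCsp`, `inlineAllowed`, `report` and the hash value are constructed for illustration.

```javascript
// Simplified model of a browser's inline <script>/<style> check under CSP.
// Assumptions: no script-src-elem/style-src-elem, no 'strict-dynamic',
// no inline event-handler or style attributes ('unsafe-hashes').

// Split a policy string into a Map of directive name -> source list.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// block = { nonce, hash } describes the inline element; both are optional.
// hash is the "'sha256-<base64>'" source form of the block's exact content.
function inlineAllowed(policy, directive, block = {}) {
  const directives = parseCsp(policy);
  const sources = directives.get(directive) ?? directives.get("default-src");
  if (sources === undefined) return true; // nothing restricts this type
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  if (block.nonce && sources.includes(`'nonce-${block.nonce}'`)) return true;
  if (block.hash && sources.includes(block.hash)) return true;
  // 'unsafe-inline' is ignored once the list contains any nonce or hash.
  return lower.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// Policy as described in the issue: both directives set to 'self'.
const PAGE_POLICY = "script-src 'self'; style-src 'self'";
// Constructed placeholder, not a real digest of any pokepast.es content.
const STYLE_HASH = "'sha256-CONSTRUCTEDPLACEHOLDERDIGEST='";

function report() {
  const hashed = `style-src 'self' ${STYLE_HASH}`;
  return {
    selfOnly: inlineAllowed(PAGE_POLICY, "style-src"),
    unsafeEval: inlineAllowed("script-src 'self' 'unsafe-eval'", "script-src"),
    unsafeInline: inlineAllowed("style-src 'self' 'unsafe-inline'", "style-src"),
    hashedBlock: inlineAllowed(hashed, "style-src", { hash: STYLE_HASH }),
    otherBlock: inlineAllowed(hashed, "style-src"),
    fallback: inlineAllowed("default-src 'self'", "script-src"),
  };
}
```

A hash or nonce source admits only the listed inline blocks, so the rest of the policy can stay at `'self'`.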