vejja

> @vejja in 03, can external scripts have `` syntax, or is it guaranteed to be `` I think in theory it should always be the first syntax as is...

Also if you're wondering what regex we used to have before Cheerio, you can check out: https://github.com/Baroshem/nuxt-security/blob/v1.0.0-rc.1/src/runtime/nitro/plugins/02-cspSsg.ts https://github.com/Baroshem/nuxt-security/blob/v1.0.0-rc.1/src/runtime/nitro/plugins/99-cspNonce.ts

> Thanks! In theory I could still support that syntax relatively easily, it depends on whether nitro handles the html conversion to the spec compliant version or not, otherwise user-supplied...

> Also what about links? Are they always self closing? Or should I treat them the same as script tags? I think `` is always empty. It is never self...

> We might want to look into a hybrid approach, at least until a suitable solution is found for the edge cases that are harder to catch with regex. That...

> > Isn't an inline script the same as an external script except that it doesn't have an src attribute ? Let me dig into this, I need to read...

> @vejja I have discovered some things: > > 1. It appears as though each section returns a single string in an array (it appears as though they are concatenated...

> @Baroshem you're probably way more experienced in nuxt than me, could I get a confirmation that doing anything with "" (like in a console.log) inside a script is disallowed...

> @vejja @Baroshem this is not yet finished, however I wanted to ask what your opinions on the current implementation is, and if there's anything I should change (the errors...

We only apply Security Headers to HTML resources but I think you are right and it might be incorrect in this case. @Baroshem what's your opinion there? Shall we apply...