csp script src unsafe inline

Summary

The Content Security Policy (CSP) script-src directive specifies valid sources for JavaScript, including inline script event handlers and XSLT stylesheets. [1] The unsafe-inline keyword allows the execution of inline scripts or styles, but should be avoided. [2] If necessary, inline script and style can be enabled by adding 'unsafe-inline' as an allowed source in a script-src or style-src directive. [3]


Summaries from the best pages on the web

Summary: The unsafe-inline Content Security Policy (CSP) keyword allows the execution of inline scripts or styles. Except for one very specific case, you should avoid using the unsafe-inline keyword in your CSP policy. As you might guess it is generally unsafe to use unsafe-inline.
unsafe-inline ⟶ CSP Guide
content-security-policy.com

Content-Security-Policy made easy. Build, deploy, and monitor your Content Security Policy today. The most advanced tools for maintaining content security ...
Csper: Content Security Policy made easy
csper.io

Create a CSP Policy that allows execution of inline scripts. ... The unsafe-inline source list value can be used to allow inline scripts, but this also defeats ...
CSP Allow Inline Scripts
content-security-policy.com

Allows an inline script or CSS to execute if its hash matches the specified hash in the header. Currently supports SHA256, SHA384 or SHA512. CSP Level 2
Content-Security-Policy Header ⟶ CSP Reference & Examples
content-security-policy.com

Older browsers, which don't support the CSP3 standard, will ignore the nonce-* and 'strict-dynamic' keywords and fall back to [script-src 'unsafe-inline' ...
Strict CSP - Content Security Policy
csp.withgoogle.com

A guide to using script-src with CSP or Content Security Policy ... refused to execute inline event handler because it violates the following content security ...
CSP ⟶ script-src Guide
content-security-policy.com

When default-src or script-src* directives are active, CSP by default disables any JavaScript code placed inline in the HTML source, such as this:
Content Security Policy - OWASP Cheat Sheet Series
owasp.org

nonce or hash approaches are not feasible, it is possible to enable the Tag Manager inline script by adding the 'unsafe-inline' directive to the CSP's ...
Use Tag Manager with a Content Security Policy | Google Tag Manager for Web | Google Developers
google.com