CSP’s Nonce and Hash are dangerous

Please be careful when using either of these mechanisms in dynamically generated content; if an attacker can inject content into something you’ve set a nonce attribute on (or something you generate a hash-source from) then you may have created a free bypass for an attacker.

(1)Nonce
(2)Nonce
(3)Hash
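The risk described above, shown as a server-side rendering sketch. This is an added example, not code from the original post; the function names, the `greet` page script and the sample inputs are assumptions made for illustration.

```python
import base64
import hashlib
import html
import secrets


def hash_source(script_body: str) -> str:
    """Build a CSP hash-source ('sha256-...') for an inline script body."""
    digest = hashlib.sha256(script_body.encode("utf-8")).digest()
    return "'sha256-" + base64.b64encode(digest).decode("ascii") + "'"


def render_risky(user_name: str) -> dict:
    """RISKY: request data is concatenated into the script body, so the nonce
    and the per-response hash both vouch for whatever the input contained."""
    nonce = secrets.token_urlsafe(16)
    body = 'var user = "' + user_name + '"; greet(user);'
    return {
        "csp": f"script-src 'nonce-{nonce}' {hash_source(body)}",
        "html": f'<script nonce="{nonce}">{body}</script>',
        "script": body,
    }


# The script body is a constant, so its hash can be computed once at build time.
STATIC_SCRIPT = 'greet(document.getElementById("app").dataset.user);'
STATIC_HASH = hash_source(STATIC_SCRIPT)


def render_safer(user_name: str) -> dict:
    """SAFER: request data travels in an HTML-escaped data attribute; only the
    constant script is covered by the nonce and the hash."""
    nonce = secrets.token_urlsafe(16)
    data = html.escape(user_name, quote=True)
    return {
        "csp": f"script-src 'nonce-{nonce}' {STATIC_HASH}",
        "html": f'<div id="app" data-user="{data}"></div>'
                f'<script nonce="{nonce}">{STATIC_SCRIPT}</script>',
        "script": STATIC_SCRIPT,
    }


def script_depends_on_input(render, input_a: str, input_b: str) -> bool:
    """Regression check: a nonced or hashed script body must not vary with input."""
    return render(input_a)["script"] != render(input_b)["script"]
```

Running `script_depends_on_input` over each template in a test suite flags any nonced or hashed script whose body changes with request data.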
