<!-- No 'type' declaration -->
<object data="https://example.com/flash"></object>
<!-- Non-matching 'type' declaration -->
<object data="https://example.com/flash" type="application/x-shockwave-flash"></object>
<!-- Non-matching resource -->
<object data="https://example.com/flash" type="application/pdf"></object>
If the page allowed Flash content by sending the following header:
Content-Security-Policy: plugin-types application/x-shockwave-flash
Then the second item above would load successfully:
<!-- Matching 'type' declaration and resource -->
<object data="https://example.com/flash" type="application/x-shockwave-flash"></object>
This directive’s post-request check is as follows: Given a request (request), a response (response), and a policy (policy):
1. Assert: policy is unused.
2. If request’s destination is either "object" or "embed":
   1. Let type be the result of extracting a MIME type from response’s header list.
   2. If type is not an ASCII case-insensitive match for any item in this directive’s value, return "Blocked".
3. Return "Allowed".
Given a plugin element (plugin element), this algorithm returns "Blocked" or "Allowed" based on the element’s type attribute and the policy applied to its document:
1. For each policy in plugin element’s node document’s CSP list:
   1. If policy contains a directive (directive) whose name is plugin-types:
      1. Let type be "application/x-java-applet" if plugin element is an applet element, or plugin element’s type attribute’s value if present, or "null" otherwise.
      2. Return "Blocked" if any of the following are true:
         1. type is null.
         2. type is not a valid MIME type.
         3. type is not an ASCII case-insensitive match for any item in directive’s value.
2. Return "Allowed".
The sandbox directive specifies an HTML sandbox policy which the user agent will apply to a resource, just as though it had been included in an iframe with a sandbox attribute. The directive’s syntax is described by the following ABNF grammar, with the additional requirement that each token value MUST be one of the keywords defined by the HTML specification as allowed values for the sandbox attribute:
directive-name  = "sandbox"
directive-value = "" / token *( required-ascii-whitespace token )
This directive has no reporting requirements; it will be ignored entirely when delivered in a Content-Security-Policy-Report-Only header, or within a meta element.
This directive’s response check is as follows: Given a request (request), a response (response), and a policy (policy):
1. Assert: response is unused.
2. If policy’s disposition is not "Enforce", then return "Allowed".
3. If request’s destination is one of "serviceworker", "sharedworker", or "worker":
   1. If the result of the parse a sandboxing directive algorithm, using this directive’s value as the input, contains either the sandboxed scripts browsing context flag or the sandboxed origin browsing context flag, return "Blocked".
   Note: This will need to change if we allow Workers to be sandboxed into unique origins, which seems like a pretty reasonable thing to do.
4. Return "Allowed".
This directive’s initialization algorithm is responsible for adjusting a Document’s forced sandboxing flag set according to the sandbox values present in its policies, as follows: Given a Document or global object (context), a response (response), and a policy (policy):
1. Assert: response is unused.
2. If policy’s disposition is not "Enforce", or context is not a Document, then abort this algorithm.
   Note: This will need to change if we allow Workers to be sandboxed, which seems like a pretty reasonable thing to do.
3. Parse a sandboxing directive using this directive’s value as the input, and context’s forced sandboxing flag set as the output.
The disown-opener directive ensures that a resource will disown its opener when navigated to. The directive’s syntax is described by the following ABNF grammar:
directive-name  = "disown-opener"
directive-value = ""
This directive has no reporting requirements; it will be ignored entirely when delivered in a Content-Security-Policy-Report-Only header, or within a meta element.
Not sure this is the right model. We need to ensure that we take care of a document’s openees as well, and there might be a cleverer syntax that could encompass both a document’s opener, and a document’s openees. disown-openee is weird. Maybe disown 'opener' 'openee'? Do we need origin restrictions on either/both?
This directive’s initialization algorithm is as follows: Given a Document or global object (context), a response (response), and a policy (policy):
1. Assert: response and policy are unused.
2. If context’s browsing context has an opener browsing context, disown its opener.
What should this do in an iframe? Anything?
The form-action directive restricts the URLs which can be used as the target of form submissions from a given context. The directive’s syntax is described by the following ABNF grammar:
directive-name  = "form-action"
directive-value = serialized-source-list
Given a request (request), a string (type, "form-submission" or "other") and two browsing contexts (source and target), this algorithm returns "Blocked" if a form submission’s request does not match this directive’s source list, and "Allowed" otherwise. This constitutes the form-action directive’s navigation check:
1. Assert: source and target are unused in this algorithm, as form-action is concerned only with details of the outgoing request.
2. If type is "form-submission":
   1. If the result of executing "Does request match source list?" on request and this directive’s value is "Does Not Match", return "Blocked".
3. Return "Allowed".
The frame-ancestors directive restricts the URLs which can embed the resource using frame, iframe, object, embed, or applet elements. Resources can use this directive to avoid many UI Redressing attacks, by avoiding the risk of being embedded into potentially hostile contexts.
The directive’s syntax is described by the following ABNF grammar:
directive-name       = "frame-ancestors"
directive-value      = ancestor-source-list
ancestor-source-list = ( ancestor-source *( required-ascii-whitespace ancestor-source) ) / "'none'"
ancestor-source      = scheme-source / host-source / "'self'"
The frame-ancestors directive MUST be ignored when contained in a policy declared via a meta element.
Note: The frame-ancestors directive’s syntax is similar to a source list, but frame-ancestors will not fall back to the default-src directive’s value if one is specified. That is, a policy that declares default-src 'none' will still allow the resource to be embedded by anyone.
Given a request (request), a response (navigation response), and two browsing contexts (source and target), this algorithm returns "Blocked" if one or more of the ancestors of target violate the frame-ancestors directive delivered with the response, and "Allowed" otherwise. This constitutes the frame-ancestors directive’s navigation response check:
1. Assert: request, navigation response, and source are unused in this algorithm, as frame-ancestors is concerned only with target’s ancestors.
2. If target is not a nested browsing context, return "Allowed".
3. Let current be target.
4. While current has a parent browsing context (parent):
   1. Set current to parent.
   2. Let origin be the result of executing the URL parser on the ASCII serialization of parent’s active document’s origin.
   3. If "Does url match source list in origin with redirect count?" returns "Does Not Match" when executed upon origin, this directive’s value, navigation response’s url’s origin, and 0, return "Blocked".
5. Return "Allowed".
Various algorithms in this document hook into the reporting process by constructing a violation object via one of the "create a violation object" algorithms, and passing that object to the "report a violation" algorithm to deliver the report.
The report-uri directive is deprecated. Please use the report-to directive instead. If the latter directive is present, this directive will be ignored. To ensure backwards compatibility, we suggest specifying both, like this:
https://endpoint.
The report-uri directive defines a set of endpoints to which violation reports will be sent when particular behaviors are prevented.
directive-name  = "report-uri"
directive-value = uri-reference *( required-ascii-whitespace uri-reference )
The uri-reference grammar is defined in Section 4.1 of RFC 3986.
The directive has no effect in and of itself, but only gains meaning in combination with other directives.
The report-to directive defines a reporting group to which violation reports ought to be sent. The directive’s behavior is defined in the "report a violation" algorithm. The directive’s name and value are described by the following ABNF:
directive-name  = "report-to"
directive-value = token
This document defines a core set of directives, and sets up a framework for modular extension by other specifications. At the time this document was produced, the following stable documents extend CSP:
Mixed Content defines block-all-mixed-content
Upgrade Insecure Requests defines upgrade-insecure-requests
Subresource Integrity defines require-sri-for
Extensions to CSP MUST register themselves via the process outlined in RFC 7762. In particular, note the criteria discussed in Section 4.2 of that document.
New directives SHOULD use the pre-request check, post-request check, response check, and initialization hooks in order to integrate themselves into Fetch and HTML.
Given a request (request) and a policy (policy), this algorithm returns the violated directive if the request violates the policy, and "Does Not Violate" otherwise.
1. Let violates be "Does Not Violate".
2. For each directive in policy:
   1. Let result be the result of executing directive’s pre-request check on request and policy.
   2. If result is "Blocked", then let violates be directive.
3. Return violates.
Given a request’s cryptographic nonce metadata (nonce) and a source list (source list), this algorithm returns "Matches" if the nonce matches one or more source expressions in the list, and "Does Not Match" otherwise:
1. Assert: source list is not null.
2. If nonce is the empty string, return "Does Not Match".
3. For each expression in source list:
   1. If expression matches the nonce-source grammar, and nonce is an ASCII case-sensitive match for expression’s base64-value part, return "Matches".
4. Return "Does Not Match".
Given a request (request), and a source list (source list), this algorithm returns the result of executing "Does url match source list in origin with redirect count?" on request’s current url, source list, request’s origin, and request’s redirect count.
Note: This is generally used in directives’ pre-request check algorithms to verify that a given request is reasonable.
Given a response (response), a request (request), and a source list (source list), this algorithm returns the result of executing "Does url match source list in origin with redirect count?" on response’s url, source list, request’s origin, and request’s redirect count.
Note: This is generally used in directives’ post-request check algorithms to verify that a given response is reasonable.
Given a URL (url), a source list (source list), an origin (origin), and a number (redirect count), this algorithm returns "Matches" if the URL matches one or more source expressions in source list, or "Does Not Match" otherwise:
1. Assert: source list is not null.
2. If source list is an empty list, return "Does Not Match".
3. If source list contains a single item which is an ASCII case-insensitive match for the string "'none'", return "Does Not Match".
   Note: An empty source list (that is, a directive without a value: script-src, as opposed to script-src host1) is equivalent to a source list containing 'none', and will not match any URL.
4. For each expression in source list:
   1. If "Does url match expression in origin with redirect count?" returns "Matches" when executed upon url, expression, origin, and redirect count, return "Matches".
5. Return "Does Not Match".
Given a URL (url), a source expression (expression), an origin (origin), and a number (redirect count), this algorithm returns "Matches" if url matches expression, and "Does Not Match" otherwise.
Note: origin is the origin of the resource relative to which the expression should be resolved. "'self'", for instance, will have distinct meaning depending on that bit of context.
1. If expression is the string "*", return "Matches" if one or more of the following conditions is met:
   1. url’s scheme is an HTTP(S) scheme.
   2. url’s scheme is the same as origin’s scheme.
   Note: This logic means that in order to allow resources from a non-HTTP(S) scheme, it has to be either explicitly whitelisted: default-src * data: custom-scheme-1: custom-scheme-2:, or the protected resource must be loaded from the same scheme.
2. If expression matches the scheme-source or host-source grammar:
   1. If expression has a scheme-part that is not an ASCII case-insensitive match for url’s scheme, then return "Does Not Match" unless one of the following conditions is met:
      1. expression’s scheme-part is an ASCII case-insensitive match for "http" and url’s scheme is "https"
      2. expression’s scheme-part is an ASCII case-insensitive match for "ws" and url’s scheme is "wss", "http" or "https"
      3. expression’s scheme-part is an ASCII case-insensitive match for "wss" and url’s scheme is "https"
   2. If expression matches the scheme-source grammar, return "Matches".
   Note: This logic effectively means that script-src http: is equivalent to script-src http: https:, and script-src http://example.com/ is equivalent to script-src http://example.com https://example.com. Likewise, WebSocket schemes are equivalent to the corresponding HTTP schemes. In short, we always allow a secure upgrade from an explicitly insecure expression.
3. If expression matches the host-source grammar:
   1. If url’s host is null, return "Does Not Match".
   2. If expression does not have a scheme-part, then return "Does Not Match" unless one of the following conditions is met:
      1. origin’s scheme is "http", and url’s scheme is "http" or one of "https", "ws", or "wss".
      2. origin’s scheme is "https", and url’s scheme is "https" or "wss".
      Note: As with the scheme-part logic above, we allow schemeless host-source expressions to be upgraded from insecure schemes to secure schemes.
   3. If the first character of expression’s host-part is an U+002A ASTERISK character (*):
      1. Let remaining be the result of removing the leading "*" from expression.
      2. If remaining (including the leading U+002E FULL STOP character (.)) is not an ASCII case-insensitive match for the rightmost characters of url’s host, then return "Does Not Match".
   4. If the first character of expression’s host-part is not an U+002A ASTERISK character (*), and url’s host is not an ASCII case-insensitive match for expression’s host-part, return "Does Not Match".
   5. If expression’s host-part matches the IPv4address rule from RFC 3986, and is not "127.0.0.1"; or if expression’s host-part is an IPv6 address, return "Does Not Match".
      Note: A future version of this specification may allow literal IPv6 and IPv4 addresses, depending on usage and demand. Given the weak security properties of IP addresses in relation to named hosts, however, authors are encouraged to prefer the latter whenever possible.
   6. If expression does not contain a port-part, and url’s port is not the default port for url’s scheme, return "Does Not Match".
   7. If expression does contain a port-part, return "Does Not Match" unless one of the following conditions is met:
      1. expression’s port-part is "*".
      2. expression’s port-part is the same number as url’s port.
      3. expression’s port-part is 80, and url’s port is 443.
   8. If expression contains a non-empty path-part, and redirect count is 0, then:
      1. Let exact match be false if the final character of expression’s path-part is the U+002F SOLIDUS character (/), and true otherwise.
      2. Let path list be the result of strictly splitting expression’s path-part on the U+002F SOLIDUS character (/).
      3. If path list has more items than url’s path, return "Does Not Match".
      4. If exact match is true, and path list does not have the same number of items as url’s path, return "Does Not Match".
      5. For each expression piece in path list:
         1. Let url piece be the next item in url’s path.
         2. Percent-decode expression piece.
         3. Percent-decode url piece.
         4. If expression piece is not an ASCII case-sensitive match for url piece, return "Does Not Match".
   9. Return "Matches".
4. If expression is an ASCII case-insensitive match for "'self'", return "Matches" if one or more of the following conditions is met:
   1. origin is the same as url’s origin.
   2. origin’s host is the same as url’s host, origin’s port and url’s port are either the same or the default ports for their respective schemes, and url’s scheme is "https" or "wss".
   Note: Like the scheme-part logic above, the "'self'" matching algorithm allows upgrades to secure schemes when it is safe to do so. We limit these upgrades to endpoints running on the default port for a particular scheme or a port that matches the origin of the protected resource, as this seems sufficient to deal with upgrades that can be reasonably expected to succeed.
5. Return "Does Not Match".
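The two matching algorithms above, transcribed into Python as an added example (this is not code from the specification or from any user agent). It covers "*", scheme-sources, host-sources (scheme upgrades, wildcard hosts, ports, paths, IP-literal rejection) and 'self'; nonce-, hash- and other keyword-sources are out of scope. A path-part ending in "/" is treated as a prefix over whole path segments, which is how the step about exact match is meant to behave.

```python
import re
from urllib.parse import unquote, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443, "ftp": 21}
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
SCHEME_SOURCE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):$")
HOST_SOURCE = re.compile(
    r"^(?:([A-Za-z][A-Za-z0-9+.-]*)://)?"   # optional scheme-part
    r"(\*|(?:\*\.)?[A-Za-z0-9.-]+)"         # host-part: "*", "*.example.com" or a host name
    r"(?::(\*|\d+))?"                       # optional port-part
    r"(/[^?#]*)?$"                          # optional path-part
)


def _parts(url):
    """(scheme, host, port, path segments) of url, with the scheme's default port filled in."""
    u = urlsplit(url)
    port = u.port if u.port is not None else DEFAULT_PORTS.get(u.scheme.lower())
    return u.scheme.lower(), (u.hostname or "").lower(), port, (u.path or "/").split("/")[1:]


def _scheme_ok(expr_scheme, url_scheme):
    """Step 2.1: an exact scheme match, or one of the permitted insecure-to-secure upgrades."""
    return (expr_scheme == url_scheme
            or (expr_scheme == "http" and url_scheme == "https")
            or (expr_scheme == "ws" and url_scheme in ("wss", "http", "https"))
            or (expr_scheme == "wss" and url_scheme == "https"))


def match_url_to_expression(url, expression, origin, redirect_count=0):
    """'Does url match expression in origin with redirect count?' for *, scheme-, host-source and 'self'."""
    scheme, host, port, path = _parts(url)
    o_scheme, o_host, o_port, _ = _parts(origin)
    if expression == "*":
        # Step 1: any HTTP(S) URL, or any URL on the protected resource's own scheme.
        return "Matches" if scheme in ("http", "https") or scheme == o_scheme else "Does Not Match"
    if expression.lower() == "'self'":
        # Step 4: same origin, or a secure upgrade of the same host on the same or default ports.
        same_origin = (scheme, host, port) == (o_scheme, o_host, o_port)
        ports_ok = port == o_port or (port == DEFAULT_PORTS.get(scheme)
                                      and o_port == DEFAULT_PORTS.get(o_scheme))
        upgrade = host == o_host and ports_ok and scheme in ("https", "wss")
        return "Matches" if same_origin or upgrade else "Does Not Match"
    m = SCHEME_SOURCE.match(expression)
    if m:   # Step 2: "https:" matches every URL on that scheme (or an upgraded one)
        return "Matches" if _scheme_ok(m.group(1).lower(), scheme) else "Does Not Match"
    m = HOST_SOURCE.match(expression)
    if not m:
        return "Does Not Match"   # nonce-, hash- and other keyword-sources are not handled here
    e_scheme, e_host, e_port, e_path = m.groups()
    if not host:
        return "Does Not Match"   # Step 3.1: data:, blob: etc. have no host to match
    if e_scheme is not None:
        if not _scheme_ok(e_scheme.lower(), scheme):
            return "Does Not Match"
    elif not ((o_scheme == "http" and scheme in ("http", "https", "ws", "wss"))
              or (o_scheme == "https" and scheme in ("https", "wss"))):
        return "Does Not Match"   # Step 3.2: a schemeless host-source inherits the origin's scheme
    e_host = e_host.lower()
    if e_host.startswith("*"):
        if e_host[1:] and not host.endswith(e_host[1:]):   # Step 3.3: the leading "." must match too
            return "Does Not Match"
    elif host != e_host:                                     # Step 3.4
        return "Does Not Match"
    if IPV4.match(e_host) and e_host != "127.0.0.1":         # Step 3.5 (IPv6 never parses as a host-source)
        return "Does Not Match"
    if e_port is None:                                       # Step 3.6
        if port != DEFAULT_PORTS.get(scheme):
            return "Does Not Match"
    elif not (e_port == "*" or int(e_port) == port or (int(e_port) == 80 and port == 443)):
        return "Does Not Match"                              # Step 3.7
    if e_path and redirect_count == 0:                       # Step 3.8: paths are ignored after a redirect
        exact = not e_path.endswith("/")
        pieces = e_path.split("/")[1:]
        if not exact:
            pieces = pieces[:-1]   # trailing "/" means "this directory and everything below it"
        if len(pieces) > len(path) or (exact and len(pieces) != len(path)):
            return "Does Not Match"
        for e_piece, u_piece in zip(pieces, path):
            if unquote(e_piece) != unquote(u_piece):
                return "Does Not Match"
    return "Matches"


def match_url_to_source_list(url, source_list, origin, redirect_count=0):
    """'Does url match source list in origin with redirect count?': an empty list or a lone 'none' matches nothing."""
    if not source_list or [s.lower() for s in source_list] == ["'none'"]:
        return "Does Not Match"
    for expression in source_list:
        if match_url_to_expression(url, expression, origin, redirect_count) == "Matches":
            return "Matches"
    return "Does Not Match"
```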
Each fetch directive controls a specific type of request. Given a request (request), the following algorithm returns either null or the name of the request’s effective directive:
1. Switch on request’s type, and execute the associated steps:
   "" (the empty string)
     1. If the request’s initiator is "fetch", return connect-src.
     2. If the request’s initiator is "manifest", return manifest-src.
     3. If the request’s destination is "subresource", return connect-src.
     4. If the request’s destination is "unknown", return object-src.
     5. If the request’s destination is "document" and the request’s target browsing context is a nested browsing context, return frame-src.
   "audio", "track", "video"
     Return media-src.
   "font"
     Return font-src.
   "image"
     Return image-src.
   "style"
     Return style-src.
   "script"
     Switch on request’s destination, and execute the associated steps:
       "subresource"
         Return script-src.
       "serviceworker", "sharedworker"
         Return worker-src.
2. Return null.
Given an element (element), this algorithm returns "Nonceable" if a nonce-source expression can match the element (as discussed in the Nonce Hijacking section below), and "Not Nonceable" if such expressions should not be applied.
1. If element does not have an attribute named "nonce", return "Not Nonceable".
2. If element is a script element, then for each attribute in element’s attribute list:
   1. If attribute’s name is an ASCII case-insensitive match for the string "<script" or the string "<style", return "Not Nonceable".
   2. If attribute’s value contains an ASCII case-insensitive match for the string "<script" or the string "<style", return "Not Nonceable".
3. Return "Nonceable".
This processing is meant to mitigate the risk of dangling markup attacks that steal the nonce from an existing element in order to load injected script. It is fairly expensive, however, as it requires that we walk through all attributes and their values in order to determine whether the script should execute. Here, we try to minimize the impact by doing this check only for script elements when a nonce is present, but we should probably consider this algorithm as "at risk" until we know its impact.
Given an element (element), a source list (list), a string (type), and a string (source), this algorithm returns "Matches" or "Does Not Match".
Assert: source contains the value of a script element’s text IDL attribute, the value of a style element’s innerText IDL attribute, or the value of one of an element’s event handler content attributes.
Note: This means that source will be interpreted with the encoding of the page in which it is embedded. See the integration points for more detail.
1. Let contains nonce or hash and hashes match attributes be false.
2. For each expression in list:
   1. If expression matches the nonce-source or hash-source grammar, set contains nonce or hash to true.
   2. If expression is an ASCII case-insensitive match for the keyword-source "'unsafe-hashed-attributes'", set hashes match attributes to true.
3. If contains nonce or hash is false, and list contains a keyword-source which is an ASCII case-insensitive match for the string "'unsafe-inline'", then return "Matches".
   Note: This logic means that if list contains both "'unsafe-inline'" and either a nonce-source or a hash-source, "'unsafe-inline'" will have no effect.
4. If type is "script" or "style", and "Is element nonceable?" returns "Nonceable" when executed upon element:
   1. For each expression in list:
      1. If expression matches the nonce-source grammar, and element has a nonce attribute whose value is an ASCII case-sensitive match for expression’s base64-value part, return "Matches".
   Note: Nonces only apply to inline script and inline style, not to the event handler attributes of either element.
5. If type is "script" or "style", or hashes match attributes is true:
   1. For each expression in list:
      1. If expression matches the hash-source grammar:
         1. Let algorithm be null.
         2. If expression’s hash-algorithm part is an ASCII case-insensitive match for "sha256", set algorithm to SHA-256.
         3. If expression’s hash-algorithm part is an ASCII case-insensitive match for "sha384", set algorithm to SHA-384.
         4. If expression’s hash-algorithm part is an ASCII case-insensitive match for "sha512", set algorithm to SHA-512.
         5. If algorithm is not null:
            1. Let actual be the result of base64 encoding the result of applying algorithm to source.
            2. If actual is an ASCII case-sensitive match for expression’s base64-value part, return "Matches".
   Note: Hashes apply to inline script and inline style. If the "'unsafe-hashed-attributes'" source expression is present, they will also apply to event handlers and style attributes.
6. Return "Does Not Match".
Nonces override the other restrictions present in the directive in which they’re delivered. It is critical, then, that they remain unguessable, as bypassing a resource’s policy is otherwise trivial.
If a server delivers a nonce-source expression as part of a policy, the server MUST generate a unique value each time it transmits a policy. The generated value SHOULD be at least 128 bits long (before encoding), and SHOULD be generated via a cryptographically secure random number generator in order to ensure that the value is difficult for an attacker to predict.
Note: Using a nonce to whitelist inline script or style is less secure than not using a nonce, as nonces override the restrictions in the directive in which they are present. An attacker who can gain access to the nonce can execute whatever script they like, whenever they like. That said, nonces provide a substantial improvement over "'unsafe-inline'" when layering a content security policy on top of old code. When considering "'unsafe-inline'", authors are encouraged to consider nonces (or hashes) instead.
Dangling markup attacks such as those discussed in the referenced research can be used to repurpose a page’s legitimate nonces for injections. For example, given an injection point before a script element:
<p>Hello, [INJECTION POINT]</p>
<script nonce=abc src=/good.js></script>
If an attacker injects the string "<script src='https://evil.com/evil.js' ", then the browser will receive the following:
<p>Hello, <script src='https://evil.com/evil.js' </p>
<script nonce=abc src=/good.js></script>
It will then parse that code, ending up with a script element with a src attribute pointing to a malicious payload, an attribute named </p>, an attribute named "<script", a nonce attribute, and a second src attribute which is helpfully discarded as duplicate by the parser.
The "Is element nonceable?" algorithm attempts to mitigate this specific attack by walking through script element attributes, looking for the string "<script" or "<style" in their names or values.
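An added Python model (not the specification’s or any browser’s code) of three things described above: the "Is element nonceable?" walk over attributes, the inline-source matching algorithm with its 'unsafe-inline', nonce and hash branches, and a nonce generator meeting the stated 128-bit CSPRNG requirement. Elements are modelled as plain dicts of attribute names to values, a constructed stand-in for DOM nodes; the hijacked element below is the one the dangling-markup walkthrough ends up with.

```python
import base64
import hashlib
import re
import secrets

NONCE_SOURCE = re.compile(r"^'nonce-([A-Za-z0-9+/\-_]+=*)'$")
HASH_SOURCE = re.compile(r"^'(sha256|sha384|sha512)-([A-Za-z0-9+/\-_]+=*)'$", re.IGNORECASE)
HASH_ALGORITHMS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}


def generate_nonce(nbytes=16):
    """A fresh nonce per response: 128 bits from a CSPRNG, base64-encoded for the header."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def hash_source(source, algorithm="sha256"):
    """The hash-source expression that whitelists exactly this inline text (UTF-8 bytes)."""
    digest = HASH_ALGORITHMS[algorithm](source.encode("utf-8")).digest()
    return "'%s-%s'" % (algorithm, base64.b64encode(digest).decode("ascii"))


def is_element_nonceable(element):
    """Refuse to honour a nonce on a <script> whose attribute names or values carry dangling markup."""
    if "nonce" not in element:
        return "Not Nonceable"
    if element.get("tag") == "script":
        for name, value in element.items():
            if name.lower() in ("<script", "<style"):
                return "Not Nonceable"
            if "<script" in value.lower() or "<style" in value.lower():
                return "Not Nonceable"
    return "Nonceable"


def does_element_match(element, source_list, kind, source):
    """'Does element match source list for type and source?'; kind is "script", "style" or an attribute kind."""
    contains_nonce_or_hash = any(NONCE_SOURCE.match(e) or HASH_SOURCE.match(e) for e in source_list)
    hashes_match_attributes = any(e.lower() == "'unsafe-hashed-attributes'" for e in source_list)
    if not contains_nonce_or_hash and any(e.lower() == "'unsafe-inline'" for e in source_list):
        return "Matches"      # 'unsafe-inline' counts only when no nonce or hash is in the list
    if kind in ("script", "style") and is_element_nonceable(element) == "Nonceable":
        for expression in source_list:
            m = NONCE_SOURCE.match(expression)
            if m and element.get("nonce") == m.group(1):
                return "Matches"   # nonces never apply to event handler attributes
    if kind in ("script", "style") or hashes_match_attributes:
        for expression in source_list:
            m = HASH_SOURCE.match(expression)
            if m:
                digest = HASH_ALGORITHMS[m.group(1).lower()](source.encode("utf-8")).digest()
                if base64.b64encode(digest).decode("ascii") == m.group(2):
                    return "Matches"
    return "Does Not Match"


# Constructed elements: the legitimate <script nonce=abc src=/good.js>, and the element the
# parser produces after the injection in the walkthrough above (attribute "</p>", attribute "<script").
GOOD_SCRIPT = {"tag": "script", "nonce": "abc", "src": "/good.js"}
HIJACKED_SCRIPT = {"tag": "script", "src": "https://evil.com/evil.js", "</p>": "", "<script": "",
                   "nonce": "abc"}
```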
The style-src directive restricts the locations from which the protected resource can load styles. However, if the user agent uses a lax CSS parsing algorithm, an attacker might be able to trick the user agent into accepting malicious "stylesheets" hosted by an otherwise trustworthy origin.
These attacks are similar to the CSS cross-origin data leakage attack described by Chris Evans in 2009. User agents SHOULD defend against both attacks using the same mechanism: stricter CSS parsing rules for style sheets with improper MIME types.
The violation reporting mechanism in this document has been designed to
mitigate the risk that a malicious web site could use violation reports to
probe the behavior of other servers. For example, consider a malicious web
site that whitelists https://example.com as a source of images. If the
malicious site attempts to load https://example.com/login as an image, and
the example.com server redirects to an identity provider (e.g. identityprovider.example.net), CSP will block the request. If violation
reports contained the full blocked URL, the violation report might contain
sensitive information contained in the redirected URL, such as session
identifiers or purported identities. For this reason, the user agent includes
only the URL of the original request, not the redirect target.
This section is not normative.
The above sections note that when multiple policies are present, each must be
enforced or reported, according to its type. An example will help clarify how
that ought to work in practice. The behavior of an XMLHttpRequest might seem unclear given a site that, for whatever reason, delivered the
following HTTP headers:
Content-Security-Policy: default-src 'self' http://example.com http://example.
                         connect-src 'none';
Content-Security-Policy: connect-src http://example.com/;
                         script-src http://example.com/
Is a connection to example.com allowed or not? The short answer is that the connection is not allowed. Enforcing both policies means that a potential connection would have to pass through both unscathed. Even though the second policy would allow this connection, the first policy contains connect-src 'none', so its enforcement blocks the connection. The impact is that adding additional policies to the list of policies to enforce can only further restrict the capabilities of the protected resource.
To demonstrate that further, consider a script tag on this page. The first policy would lock scripts down to 'self', http://example.com and http://example.net via the default-src directive. The second, however, would only allow script from http://example.com/. Script will only load if it meets both policies’ criteria: in this case, the only origin that can match is http://example.com, as both policies allow it.
Whitelists are tough to get right, especially on sprawling origins like CDNs. The "CSP Is Dead, Long Live CSP" paper presents examples of the kinds of bypasses which whitelists can enable, and though CSP is capable of mitigating these bypasses via extensive whitelists, those end up being brittle, awkward, and difficult to implement and maintain.
The "'strict-dynamic'" source expression aims to make Content Security Policy simpler to deploy for existing applications who have a high degree of confidence in the scripts they load directly, but low confidence in their ability to provide a reasonably secure whitelist.
If present in a script-src or default-src directive, it has two main effects:
1. host-source and scheme-source expressions, as well as the "'unsafe-inline'" and "'self'" keyword-sources will be ignored when loading script. hash-source and nonce-source expressions will be honored.
2. Script requests which are triggered by non-parser-inserted script elements are allowed.
The first change allows you to deploy "'strict-dynamic'" in a backwards compatible way, without requiring user-agent sniffing: the policy 'unsafe-inline' https: 'nonce-abcdefg' 'strict-dynamic' will act like 'unsafe-inline' https: in browsers that support CSP1, https: 'nonce-abcdefg' in browsers that support CSP2, and 'nonce-abcdefg' 'strict-dynamic' in browsers that support CSP3.
The second allows scripts which are given access to the page via nonces or hashes to bring in their dependencies without adding them explicitly to the page’s policy.
Suppose MegaCorp, Inc. deploys the following policy:
Content-Security-Policy: script-src 'nonce-abcdefg' 'strict-dynamic'
And serves the following HTML with that policy active:
<script src="https://cdn.example.com/script.js" nonce="abcdefg"></script>
This will generate a request for https://cdn.example.com/script.js, which will not be blocked because of the matching nonce attribute.
If script.js contains the following code:
var s = document.createElement('script');
s.src = 'https://othercdn.not-example.net/dependency.js';
document.head.appendChild(s);
document.write('<scr' + 'ipt src="/sadness.js"></scr' + 'ipt>');
dependency.js will load, as the script element created by createElement() is not parser-inserted. sadness.js will not load, however, as document.write() produces script elements which are parser-inserted.
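An added Python model (not code from the specification) of the policy-level semantics covered in the two sections above: several Content-Security-Policy headers are enforced together, fetch directives fall back to default-src while frame-ancestors never does, and 'strict-dynamic' changes which script-src sources count. Matching is deliberately reduced to 'none', 'self', scheme-sources and whole-origin host-sources, enough for the headers discussed; the constructed headers write http://example.net out in full and use a hypothetical origin for the protected resource.

```python
from urllib.parse import urlsplit

# Fetch directives that fall back to default-src when absent; frame-ancestors is deliberately not here.
FALLS_BACK_TO_DEFAULT = {"connect-src", "script-src", "style-src", "img-src", "font-src",
                         "media-src", "object-src", "child-src", "worker-src", "manifest-src"}


def parse_policy(header_value):
    """'script-src a b; connect-src c' -> {'script-src': ['a', 'b'], 'connect-src': ['c']}."""
    policy = {}
    for token in header_value.split(";"):
        parts = token.split()
        if parts and parts[0].lower() not in policy:   # a repeated directive name is ignored
            policy[parts[0].lower()] = parts[1:]
    return policy


def source_list_for(policy, directive):
    """The directive's own list, else default-src for fetch directives, else None (unrestricted)."""
    if directive in policy:
        return policy[directive]
    return policy.get("default-src") if directive in FALLS_BACK_TO_DEFAULT else None


def origin_of(url):
    u = urlsplit(url)
    return "%s://%s" % (u.scheme.lower(), u.netloc.lower())


def expression_matches(expression, url, origin):
    """Reduced matcher: 'none', 'self', scheme-sources and whole-origin host-sources only."""
    e = expression.lower()
    if e == "'none'":
        return False
    if e == "'self'":
        return origin_of(url) == origin.lower()
    if e.endswith(":") and "/" not in e:            # scheme-source such as https:
        return urlsplit(url).scheme.lower() == e[:-1]
    return origin_of(url) == origin_of(e.rstrip("/"))


def source_list_allows(source_list, url, origin):
    """An empty source list behaves like 'none'."""
    return bool(source_list) and any(expression_matches(e, url, origin) for e in source_list)


def request_allowed(policies, directive, url, origin):
    """A request passes only if every policy that restricts the directive allows it."""
    for policy in policies:
        source_list = source_list_for(policy, directive)
        if source_list is not None and not source_list_allows(source_list, url, origin):
            return False
    return True


def script_allowed(policies, url, origin, nonce, parser_inserted):
    """script-src with 'strict-dynamic': host, scheme, 'self' and 'unsafe-inline' sources are
    ignored, nonces still count, and non-parser-inserted script elements are always allowed."""
    for policy in policies:
        source_list = source_list_for(policy, "script-src")
        if source_list is None:
            continue
        nonce_ok = nonce is not None and ("'nonce-%s'" % nonce) in source_list
        if "'strict-dynamic'" in [e.lower() for e in source_list]:
            if not parser_inserted:
                continue                          # createElement('script'): trust propagates
            allowed = nonce_ok
        else:
            allowed = nonce_ok or source_list_allows(source_list, url, origin)
        if not allowed:
            return False
    return True


def frame_ancestors_allowed(policies, ancestor_origins, own_origin):
    """frame-ancestors never falls back to default-src: a policy without it permits any embedder."""
    for policy in policies:
        source_list = policy.get("frame-ancestors")
        if source_list is None:
            continue
        if not all(source_list_allows(source_list, a, own_origin) for a in ancestor_origins):
            return False
    return True


# Constructed inputs mirroring the headers discussed above.
HEADERS = [
    "default-src 'self' http://example.com http://example.net; connect-src 'none'",
    "connect-src http://example.com/; script-src http://example.com/",
]
POLICIES = [parse_policy(h) for h in HEADERS]
STRICT = [parse_policy("script-src 'nonce-abcdefg' 'strict-dynamic'")]
ORIGIN = "https://megacorp.example"   # hypothetical origin of the protected resource


def demo():
    """Both policies enforced at once: connect is blocked by 'none'; only example.com scripts survive."""
    return {
        "xhr to example.com": request_allowed(POLICIES, "connect-src", "http://example.com/api", ORIGIN),
        "script from example.com": request_allowed(POLICIES, "script-src", "http://example.com/a.js", ORIGIN),
        "script from example.net": request_allowed(POLICIES, "script-src", "http://example.net/a.js", ORIGIN),
    }
```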
This section is not normative.
Work in progress.
Legacy websites and websites with legacy dependencies might find it difficult to entirely externalize event handlers. These sites could enable such handlers by whitelisting 'unsafe-inline', but that’s a big hammer with a lot of associated risk (and cannot be used in conjunction with nonces or hashes).
The "'unsafe-hashed-attributes'" source expression aims to make CSP deployment simpler and safer in these situations by allowing developers to whitelist specific handlers via hashes.
MegaCorp, Inc. can’t quite get rid of the following HTML on anything resembling a reasonable schedule:
<button id="action" onclick="doSubmit()">
Rather than whitelisting "'unsafe-inline'", they decide to use "'unsafe-hashed-attributes'" along with a hash source expression, as follows:
Content-Security-Policy: script-src 'unsafe-hashed-attributes' 'sha256-jzgBGA4UWFFmpOBq0JpdsySukE1FrEN5bUpoK8Z29fY='
This section is not normative.
Work in progress.
Historically, hash-source expressions could only whitelist inlined script, but now that Subresource Integrity is widely deployed, we can expand the scope to enable externalized JavaScript as well.
If multiple sets of integrity metadata are specified for a script element, the request will match a policy’s hash-sources if and only if each item in the element’s integrity metadata matches the policy.
MegaCorp, Inc. wishes to whitelist two specific scripts on a page in a way that ensures that the content matches their expectations. They do so by setting the following policy:
Content-Security-Policy: script-src 'sha256-abc123' 'sha512-321cba'
In the presence of that policy, the following script elements would be whitelisted because they contain only integrity metadata that matches the policy:
<script integrity="sha256-abc123" ...></script>
<script integrity="sha512-321cba" ...></script>
<script integrity="sha256-abc123 sha512-321cba" ...></script>
While the following script elements would not be whitelisted because they contain metadata that does not match the policy (even though other metadata does match):
<script integrity="sha384-xyz789" ...></script>
<script integrity="sha384-xyz789 sha512-321cba" ...></script>
<script integrity="sha256-abc123 sha384-xyz789 sha512-321cba" ...></script>
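The "every item must match" rule above, as an added Python check (not the specification’s own code). It parses the script-src hash-sources and a script element’s integrity attribute and whitelists the element only when its metadata is non-empty and wholly contained in the policy; the policy and integrity values are the page’s illustrative placeholders, not real digests.

```python
import re

HASH_SOURCE = re.compile(r"^'(sha256|sha384|sha512)-([A-Za-z0-9+/\-_]+=*)'$", re.IGNORECASE)
INTEGRITY_ITEM = re.compile(r"^(sha256|sha384|sha512)-([A-Za-z0-9+/\-_]+=*)$", re.IGNORECASE)


def policy_hashes(script_src):
    """Set of (algorithm, base64 digest) pairs taken from a script-src source list."""
    hashes = set()
    for expression in script_src:
        m = HASH_SOURCE.match(expression)
        if m:
            hashes.add((m.group(1).lower(), m.group(2)))
    return hashes


def parse_integrity(attribute_value):
    """Parse a space-separated integrity attribute; '?options' are dropped, unknown algorithms ignored."""
    items = set()
    for token in attribute_value.split():
        m = INTEGRITY_ITEM.match(token.split("?", 1)[0])
        if m:
            items.add((m.group(1).lower(), m.group(2)))
    return items


def integrity_whitelists(script_src, integrity_value):
    """True iff the element carries integrity metadata and every item of it appears in the policy."""
    items = parse_integrity(integrity_value)
    return bool(items) and items <= policy_hashes(script_src)


# The policy from the MegaCorp example above (placeholder digests).
POLICY = ["'sha256-abc123'", "'sha512-321cba'"]
```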
A policy enforced on a resource SHOULD NOT interfere with the operation of user-agent features like addons, extensions, or bookmarklets. These kinds of features generally advance the user’s priority over page authors, as espoused in the HTML Design Principles’ priority of constituencies.
Moreover, applying CSP to these kinds of features produces a substantial amount of noise in violation reports, significantly reducing their value to developers.
Chrome, for example, excludes the chrome-extension: scheme from CSP checks, and does some work to ensure that extension-driven injections are allowed, regardless of a page’s policy.
The Content Security Policy Directive registry should be updated with the
following directives and references :
The permanent message header field registry should be updated with the following registrations:
Header field name: Content-Security-Policy
Applicable protocol: http
Author/Change controller: W3C
Specification document: This specification
Header field name: Content-Security-Policy-Report-Only
Applicable protocol: http
Author/Change controller: W3C
Specification document: This specification
Lots of people are awesome. For instance:
Mario and all of Cure53.
Artur Janc, Michele Spagnuolo, Lukas Weichselbaum, Jochen Eisinger, and the
rest of Google’s CSP Cabal.
Conformance requirements are expressed with a combination of
descriptive assertions and RFC 2119 terminology. The key words “MUST”,
“MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”,
“RECOMMENDED”, “MAY”, and “OPTIONAL” in the normative parts of this
document are to be interpreted as described in RFC 2119.
However, for readability, these words do not appear in all uppercase
letters in this specification.
All of the text of this specification is normative except sections
explicitly marked as non-normative, examples, and notes.
Examples in this specification are introduced with the words “for example”
or are set apart from the normative text with class="example",
like this:
This is an example of an informative example.
Informative notes begin with the word “Note” and are set apart from the
normative text with class="note", like this:
Note, this is an informative note.
Requirements phrased in the imperative as part of algorithms (such as
"strip any leading space characters" or "return false and abort these
steps") are to be interpreted with the meaning of the key word ("must",
"should", "may", etc) used in introducing the algorithm.
Conformance requirements phrased as algorithms or specific steps can be
implemented in any manner, so long as the end result is equivalent. In
particular, the algorithms defined in this specification are intended to
be easy to understand and are not intended to be performant. Implementers
are encouraged to optimize.
unsafe-hashed-attributes is a work in progress.
SRI integration is a work in progress.
Is this kind of thing specified anywhere? I didn't see anything that looked useful in .
How, exactly, do we get the status code? We don’t actually store it
This concept is missing from W3C’s Workers.
Stylesheet loading is not yet integrated with Fetch in W3C's HTML.
Stylesheet loading is not yet integrated with Fetch in WHATWG's HTML.
This hook is missing from W3C’s HTML.
W3C’s HTML is not based on Fetch, and does not
algorithm into which to hook.
This needs to be better explained.
Do something interesting to the execution context in order to lock down
interesting CSSOM algorithms. I don’t think CSSOM gives us any hooks here, so
let’s work with them to put something reasonable together.
Not sure this is the right model. We need to ensure that we take care
well, and there might be a cleverer syntax that could encompass both a
document’s opener, and a document’s openees. disown-openee is weird.
Maybe disown 'opener' 'openee'? Do we need origin restrictions on either/both?
What should this do in an ? Anything?
This processing is meant to mitigate the risk of dangling markup attacks that
steal the nonce from an existing element in order to load injected script. It
is fairly expensive, however, as it requires that we walk through all
attributes and their values in order to determine whether the script should
execute. Here, we try to minimize the impact by doing this check only for
<script> elements when a nonce is present, but we should probably consider this
algorithm as "at risk" until we know its impact.
Work in progress.
Work in progress.