csp_fuzzer.dict (1096B)
# Fuzzing dictionary for a Content-Security-Policy parser fuzz target.
# Format: one double-quoted token per line; lines starting with '#' are comments.
# NOTE(review): presumably handed to the fuzzer as a -dict= style dictionary;
# confirm against the fuzz target's build/run configuration.

### dom/security/nsCSPParser.cpp
# tokens
# Single-character delimiters and punctuation the policy tokenizer has to
# classify (source separators, path/host characters, percent-encoding marker).
":"
";"
"/"
"+"
"-"
"."
"_"
"~"
"*"
"'"
"#"
"?"
"%"
"!"
"$"
"&"
"("
")"
"="
"@"

### https://www.w3.org/TR/{CSP,CSP2,CSP3}/
# directive names
# Includes names that later CSP drafts dropped or deprecated (reflected-xss,
# disown-opener, plugin-types, block-all-mixed-content); keeping them still
# exercises the parser's handling of legacy and unknown directives.
# NOTE(review): the CSP3 split directives (script-src-elem, script-src-attr,
# style-src-elem, style-src-attr) are not listed; add them if the parser
# under test accepts them.
"default-src"
"script-src"
"object-src"
"style-src"
"img-src"
"media-src"
"frame-src"
"font-src"
"connect-src"
"report-uri"
"frame-ancestors"
"reflected-xss"
"base-uri"
"form-action"
"manifest-src"
"upgrade-insecure-requests"
"child-src"
"block-all-mixed-content"
"sandbox"
"worker-src"
"plugin-types"
"disown-opener"
"report-to"

# directive values
# Keyword sources plus one nonce-source and one hash-source per algorithm.
# The nonce and hash payloads are short, well-formed base64 samples (they decode
# to one or two bytes), not real digests; they cover the base64 alphabet
# including '/', and '=' padding.
# NOTE(review): 'unsafe-hashed-attributes' was renamed 'unsafe-hashes' in CSP3,
# and 'report-sample' / 'wasm-unsafe-eval' are not listed; confirm which
# spellings the parser under test recognises.
"'self'"
"'unsafe-inline'"
"'unsafe-eval'"
"'none'"
"'strict-dynamic'"
"'unsafe-hashed-attributes'"
"'nonce-AA=='"
"'sha256-fw=='"
"'sha384-/w=='"
"'sha512-//8='"

# subresources
# HTML element names.
# NOTE(review): this file does not show which directive consumes these values;
# verify against the parser before pruning or extending the list.
"a"
"audio"
"embed"
"iframe"
"img"
"link"
"object"
"script"
"source"
"style"
"track"
"video"

# sandboxing flags
# Values for the "sandbox" directive.
# NOTE(review): allow-modals, allow-orientation-lock, allow-presentation and
# allow-popups-to-escape-sandbox are not listed; add them if the sandbox flag
# parser is in scope for this target.
"allow-forms"
"allow-pointer-lock"
"allow-popups"
"allow-same-origin"
"allow-scripts"
"allow-top-navigation"
"allow-top-navigation-by-user-activation"

# URI components
# Scheme sources, a scheme-plus-authority prefix, a host name, and the IPv4 and
# IPv6 loopback literals, so host-source parsing sees names and both IP forms.
# NOTE(review): "wss:" is not listed alongside "ws:".
"https:"
"ws:"
"blob:"
"data:"
"filesystem:"
"javascript:"
"http://"
"selfuri.com"
"127.0.0.1"
"::1"