diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 14:29:10 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 14:29:10 +0000 |
commit | 2aa4a82499d4becd2284cdb482213d541b8804dd (patch) | |
tree | b80bf8bf13c3766139fbacc530efd0dd9d54394c /dom/security/fuzztest/csp_fuzzer.dict | |
parent | Initial commit. (diff) | |
download | firefox-upstream.tar.xz firefox-upstream.zip |
Adding upstream version 86.0.1.upstream/86.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | dom/security/fuzztest/csp_fuzzer.dict | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/dom/security/fuzztest/csp_fuzzer.dict b/dom/security/fuzztest/csp_fuzzer.dict new file mode 100644 index 0000000000..480165d929 --- /dev/null +++ b/dom/security/fuzztest/csp_fuzzer.dict @@ -0,0 +1,95 @@ +### dom/security/nsCSPParser.cpp +# tokens +":" +";" +"/" +"+" +"-" +"." +"_" +"~" +"*" +"'" +"#" +"?" +"%" +"!" +"$" +"&" +"(" +")" +"=" +"@" + +### https://www.w3.org/TR/{CSP,CSP2,CSP3}/ +# directive names +"default-src" +"script-src" +"object-src" +"style-src" +"img-src" +"media-src" +"frame-src" +"font-src" +"connect-src" +"report-uri" +"frame-ancestors" +"reflected-xss" +"base-uri" +"form-action" +"manifest-src" +"upgrade-insecure-requests" +"child-src" +"block-all-mixed-content" +"sandbox" +"worker-src" +"plugin-types" +"disown-opener" +"report-to" + +# directive values +"'self'" +"'unsafe-inline'" +"'unsafe-eval'" +"'none'" +"'strict-dynamic'" +"'unsafe-hashed-attributes'" +"'nonce-AA=='" +"'sha256-fw=='" +"'sha384-/w=='" +"'sha512-//8='" + +# subresources +"a" +"audio" +"embed" +"iframe" +"img" +"link" +"object" +"script" +"source" +"style" +"track" +"video" + +# sandboxing flags +"allow-forms" +"allow-pointer-lock" +"allow-popups" +"allow-same-origin" +"allow-scripts" +"allow-top-navigation" +"allow-top-navigation-by-user-activation" + +# URI components +"https:" +"ws:" +"blob:" +"data:" +"filesystem:" +"javascript:" +"http://" +"selfuri.com" +"127.0.0.1" +"::1" |