CSP-Validator 是 Sublime Text2 的插件,能够检测 JavaScript, HTML 和 CSS 中的内容是否满足内容安全政策。目前它支持检测以下项目:
-
Inline scripts
-
Images and scripts with src attributes with http(s) protocols
-
Use of eval or new Function
-
setTimeout with a string param (this is only explicit usage of a string, not if it's passed as a variable)
-
Attempting to load resources in CSS with http(s) protocols