2CONSOLE ERROR: line 20: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'sha1-zv73epHrGLk/k/onuSBPoZAxzaA=' 'sha256-U4Gr+1CJNHI/q8KjKw7YgdNNzwOinyKeRC4leoWXeMU='". Either the 'unsafe-inline' keyword, a hash ('sha256-4zs9B+JoNkf0GX3byfHXqy+cOrm+NLeaXK5frOFrWK8='), or a nonce ('nonce-...') is required to enable inline execution.
3This tests Unicode normalization. While appearing the same, the strings in the scripts are different Unicode points, but through normalization, should be the same when the hash is taken.
3
4This tests Unicode normalization. While appearing the same, the strings in the scripts are different Unicode points. Unicode NFC normalization would make both match the hash, but normalization should not be performed, and so the second script should not run.
Issue 1420483005: CSP: Don't perform NFC normalization prior to hashing
(Closed)
Created 5 years, 1 month ago by jsbell
Modified 5 years, 1 month ago
Reviewers: chrishtr, jww
Base URL: https://chromium.googlesource.com/chromium/src.git@nfc-frame
Comments: 5