dom/security/fuzztest/csp_fuzzer.dict

   1 ### dom/security/nsCSPParser.cpp
   2 # tokens
   3 ":"
   4 ";"
   5 "/"
   6 "+"
   7 "-"
   8 "."
   9 "_"
  10 "~"
  11 "*"
  12 "'"
  13 "#"
  14 "?"
  15 "%"
  16 "!"
  17 "$"
  18 "&"
  19 "("
  20 ")"
  21 "="
  22 "@"
  23
  24 ### https://www.w3.org/TR/{CSP,CSP2,CSP3}/
  25 # directive names
  26 "default-src"
  27 "script-src"
  28 "object-src"
  29 "style-src"
  30 "img-src"
  31 "media-src"
  32 "frame-src"
  33 "font-src"
  34 "connect-src"
  35 "report-uri"
  36 "frame-ancestors"
  37 "reflected-xss"
  38 "base-uri"
  39 "form-action"
  40 "manifest-src"
  41 "upgrade-insecure-requests"
  42 "child-src"
  43 "block-all-mixed-content"
  44 "sandbox"
  45 "worker-src"
  46 "plugin-types"
  47 "disown-opener"
  48 "report-to"
  49
  50 # directive values
  51 "'self'"
  52 "'unsafe-inline'"
  53 "'unsafe-eval'"
  54 "'none'"
  55 "'strict-dynamic'"
  56 "'unsafe-hashed-attributes'"
  57 "'nonce-AA=='"
  58 "'sha256-fw=='"
  59 "'sha384-/w=='"
  60 "'sha512-//8='"
  61
  62 # subresources
  63 "a"
  64 "audio"
  65 "embed"
  66 "iframe"
  67 "img"
  68 "link"
  69 "object"
  70 "script"
  71 "source"
  72 "style"
  73 "track"
  74 "video"
  75
  76 # sandboxing flags
  77 "allow-forms"
  78 "allow-pointer-lock"
  79 "allow-popups"
  80 "allow-same-origin"
  81 "allow-scripts"
  82 "allow-top-navigation"
  83 "allow-top-navigation-by-user-activation"
  84
  85 # URI components
  86 "https:"
  87 "ws:"
  88 "blob:"
  89 "data:"
  90 "filesystem:"
  91 "javascript:"
  92 "http://"
  93 "selfuri.com"
  94 "127.0.0.1"
  95 "::1"