script-src

Default Attribute

selfblob: ā€˜unsafe-inlineā€™ ā€˜unsafe-evalā€™ unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com

Policy Description

The HTTP Content-Security-Policy (CSP) script-src directive specifies valid sources for JavaScript. This includes not only URLs loaded directly intoĀ <script>Ā elements, but also things like inline script event handlers (onclick) andĀ XSLTĀ stylesheets which can trigger script execution.