script-src

Default Attribute
self blob: 'unsafe-inline' 'unsafe-eval' unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com
Policy Description
The HTTP Content-Security-Policy (CSP) script-src directive specifies valid sources for JavaScript. This includes not only URLs loaded directly into <script> elements, but also things like inline script event handlers (onclick) and XSLT stylesheets which can trigger script execution.
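
The following JavaScript is an added example, not part of the original page or of the product it documents: it audits a script-src value and reports what each broad source permits. The function names are hypothetical, and the sample policy is constructed from the default shown above, assuming self is sent as the quoted keyword 'self'.

```javascript
// Added example: audit a script-src value. Helper names are hypothetical.
const KEYWORDS = new Set(["self", "none", "unsafe-inline", "unsafe-eval", "strict-dynamic"]);

function parseScriptSrc(policy) {
  // A policy is a ';'-separated list of directives: a name followed by source tokens.
  for (const directive of policy.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "script-src") return sources;
  }
  return null; // no script-src directive in this policy
}

function auditScriptSrc(policy) {
  const sources = parseScriptSrc(policy);
  if (sources === null) return [{ source: null, issue: "no script-src directive" }];
  const hasNonceOrHash = sources.some((s) => /^'(nonce-|sha(256|384|512)-)/i.test(s));
  const findings = [];
  const add = (source, issue) => findings.push({ source, issue });
  for (const src of sources) {
    const lower = src.toLowerCase();
    const host = lower.replace(/^[a-z][a-z0-9+.-]*:\/\//, ""); // drop "https://" etc.
    if (lower === "'unsafe-inline'") {
      add(src, hasNonceOrHash
        ? "ignored by browsers because a nonce or hash is present"
        : "permits inline <script> blocks and event handlers such as onclick");
    } else if (lower === "'unsafe-eval'") {
      add(src, "permits eval() and similar string-to-code APIs");
    } else if (KEYWORDS.has(lower)) {
      add(src, "keyword without single quotes is parsed as a host name");
    } else if (/^[a-z][a-z0-9+.-]*:$/.test(lower)) {
      add(src, "scheme source permits script from any URL with that scheme");
    } else if (lower === "*") {
      add(src, "wildcard permits script from any host");
    } else if (!lower.startsWith("'") && !host.includes("/")) {
      add(src, "host without a path permits every script file served by that host");
    }
  }
  return findings;
}

// Constructed sample built from the default value documented above.
const SAMPLE = "default-src 'self'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com";
console.table(auditScriptSrc(SAMPLE));
```

Only 'self' passes without a finding in the sample; a policy built on nonces or hashes with path-restricted hosts would return an empty list.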