Indicates inline content on the page is allowed to be interpreted. It is
highly recommended that this not be used, as it exposes your application to
cross-site scripting and other vulnerabilities.
If not specified for JavaScript, JavaScript on* event handler attributes,
<script> elements, and javascript: URIs will not be executed by a
browser that supports content security policies.
If not specified for stylesheets, <style> elements and inline style
attributes will not be read by a browser that supports content security
policies.
Indicates inline content on the page is allowed to be interpreted. It is highly recommended that this not be used, as it exposes your application to cross-site scripting and other vulnerabilities.
If not specified for JavaScript, JavaScript
on*
event handler attributes,<script>
elements, andjavascript:
URIs will not be executed by a browser that supports content security policies.If not specified for stylesheets,
<style>
elements and inlinestyle
attributes will not be read by a browser that supports content security policies.