
Content security policy: allows untrusted script execution

Description: Content security policy: allows untrusted script execution

Content Security Policy (CSP) is a security mechanism designed to mitigate cross-site scripting attacks by disabling dangerous behaviours such as untrusted JavaScript execution. Websites specify their policy in the Content-Security-Policy response header or in a meta tag, which gives them fine-grained control over which sources of scripts, stylesheets and other resources the browser may load or execute.

Remediation: Content security policy: allows untrusted script execution

Mitigate cross-site scripting by avoiding 'unsafe-inline', 'unsafe-eval', data: URLs, and global wildcards in script directives. Instead, allow inline scripts only when they carry a secure random nonce of at least 8 characters ('nonce-RANDOM' in the script directive, matched by a nonce attribute on each permitted script element), so that untrusted JavaScript cannot execute.
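As an added illustration (this is not code from the page or from Burp), the following Python checks a Content-Security-Policy header for the settings the remediation warns against and shows how a nonce-based script directive is generated. The sample policies are constructed for the example; the function names and the "missing script-src/default-src" finding string are this example's own conventions.

```python
import base64
import secrets
from typing import Dict, List

# Constructed sample policies used to exercise the checker (not taken from the page).
WEAK_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *"
IMG_ONLY_POLICY = "img-src 'self'"


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive-name: [source expressions]}.

    Directives are ';'-separated; within a directive, tokens are whitespace-separated.
    When a directive is repeated, browsers honour the first occurrence and ignore later ones.
    """
    directives: Dict[str, List[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in directives:
            directives[name] = tokens[1:]
    return directives


def effective_script_sources(policy: Dict[str, List[str]]) -> List[str]:
    """script-src governs script execution; if it is absent, default-src is the fallback."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src", [])


def find_untrusted_script_sources(header: str) -> List[str]:
    """Return the source expressions that allow untrusted script execution.

    Flags the settings the remediation text warns against: 'unsafe-inline',
    'unsafe-eval', the data: scheme and the global wildcard '*'. A policy with
    neither script-src nor default-src places no restriction on scripts at all,
    which is reported as a single finding.
    """
    sources = effective_script_sources(parse_csp(header))
    if not sources:
        return ["missing script-src/default-src"]
    findings: List[str] = []
    for src in sources:
        if src.lower() in ("'unsafe-inline'", "'unsafe-eval'", "data:", "*"):
            findings.append(src)
    return findings


def make_nonce() -> str:
    """Generate a per-response nonce: 16 CSPRNG bytes, base64-encoded.

    The result is well above the 8-character minimum. A nonce must be unpredictable
    and freshly generated for every response; a fixed or reused value is guessable
    and gives no protection.
    """
    return base64.b64encode(secrets.token_bytes(16)).decode("ascii")


def build_script_policy(nonce: str) -> str:
    """Policy permitting only same-origin scripts and inline scripts that carry the nonce."""
    return f"default-src 'self'; script-src 'self' 'nonce-{nonce}'"


if __name__ == "__main__":
    print("weak policy findings:", find_untrusted_script_sources(WEAK_POLICY))
    print("image-only policy findings:", find_untrusted_script_sources(IMG_ONLY_POLICY))
    hardened = build_script_policy(make_nonce())
    print("hardened policy:", hardened)
    print("hardened policy findings:", find_untrusted_script_sources(hardened))
```

The checker reads the policy the way a browser does: it falls back to default-src when script-src is missing and ignores duplicate directives after the first. The hardened policy only works if the server emits a new nonce on every response and stamps it on each legitimate inline script; if the page has no way to do that, use hashes of the static inline scripts instead and still drop 'unsafe-inline'.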

References

Vulnerability classifications

Typical severity: Information

Type index (hex): 0x00200504

Type index (decimal): 2098436
