disable-inline-and-eval

Use a default Content Security Policy to prevent inline JavaScript and eval from working.

当前为 2015-07-14 提交的版本,查看 最新版本

  1. // ==UserScript==
  2. // @name         disable-inline-and-eval
  3. // @namespace    https://github.com/ahuanguchi
  4. // @version      1.0.0
  5. // @description  Use a default Content Security Policy to prevent inline JavaScript and eval from working.
  6. // @author       ahuanguchi
  7. // @match        http*://*/*
  8. // @grant        none
  9. // @run-at       document-start
  10. // ==/UserScript==
  11.  
  12. var csp = document.createElement("meta");
  13. csp.setAttribute("http-equiv", "Content-Security-Policy")
  14. csp.setAttribute("content", "script-src *")
  15. document.head.appendChild(csp);