Update: /12-appendices/01-implementation-dos-donts/05-content-security-policy

**Describe what change you would like** :  
I propose the removal of lines 46 and 47 since all of the options are unsafe:

- `unsafe-inline` is obviously counter-productive, as it is correctly said at line 47.
- `unsafe-eval` allows eval. 
- `https:` allows ALL scripts using HTTPS to be executed.

**Context** :  
Section: [12-appendices/01-implementation-dos-donts/05-content-security-policy](https://github.com/OWASP/DevGuide/blob/main/docs/en/12-appendices/01-implementation-dos-donts/05-content-security-policy.md)

Accessible on: [https://devguide.owasp.org/en/12-appendices/01-implementation-dos-donts/05-content-security-policy/](https://devguide.owasp.org/en/12-appendices/01-implementation-dos-donts/05-content-security-policy/)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Update: /12-appendices/01-implementation-dos-donts/05-content-security-policy #115

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Update: /12-appendices/01-implementation-dos-donts/05-content-security-policy #115

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions