惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
Google Developers Blog
S
Schneier on Security
The Hacker News
The Hacker News
P
Proofpoint News Feed
Spread Privacy
Spread Privacy
L
LINUX DO - 热门话题
L
Lohrmann on Cybersecurity
I
Intezer
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Schneier on Security
Schneier on Security
Security Latest
Security Latest
AWS News Blog
AWS News Blog
B
Blog RSS Feed
Microsoft Security Blog
Microsoft Security Blog
有赞技术团队
有赞技术团队
博客园 - 叶小钗
The Last Watchdog
The Last Watchdog
O
OpenAI News
月光博客
月光博客
Hacker News: Ask HN
Hacker News: Ask HN
阮一峰的网络日志
阮一峰的网络日志
S
Security @ Cisco Blogs
Google Online Security Blog
Google Online Security Blog
云风的 BLOG
云风的 BLOG
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Latest news
Latest news
P
Palo Alto Networks Blog
Last Week in AI
Last Week in AI
M
MIT News - Artificial intelligence
Google DeepMind News
Google DeepMind News
P
Proofpoint News Feed
C
CERT Recently Published Vulnerability Notes
Apple Machine Learning Research
Apple Machine Learning Research
U
Unit 42
PCI Perspectives
PCI Perspectives
博客园 - 聂微东
SecWiki News
SecWiki News
宝玉的分享
宝玉的分享
Forbes - Security
Forbes - Security
H
Heimdal Security Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Hugging Face - Blog
Hugging Face - Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
T
Troy Hunt's Blog
博客园 - 三生石上(FineUI控件)
Application and Cybersecurity Blog
Application and Cybersecurity Blog
罗磊的独立博客
WordPress大学
WordPress大学
D
Darknet – Hacking Tools, Hacker News & Cyber Security

Recent Commits to webappsec-csp:main

[Editorial] Compare origins with 'same origin', not 'is'. · w3c/webappsec-csp@4e01ae7 Fixing 'policy' local link text. · w3c/webappsec-csp@0051d16 Fixing status. · w3c/webappsec-csp@b1de5f1 Export a dfn. · w3c/webappsec-csp@e156259 [Editorial] 'policy' is a local term, not global. (#812) · w3c/webappsec-csp@3e24aea Add "text" destination type, for JavaScript text imports · w3c/webappsec-csp@7845c09 Attach self-origin to CSP list (#805) · w3c/webappsec-csp@3a5e595 [Editorial] Avoid nested parenthetical (#804) · w3c/webappsec-csp@8df1f5d Add 'unsafe-webtransport-hashes' keyword to connect-src (#791) · w3c/webappsec-csp@1b8a543 Add missing closing tag for section (#800) · w3c/webappsec-csp@5bc6639 [Editorial] Fix broken references to Trusted Types spec (#790) · w3c/webappsec-csp@a131bcb Apply `strict-dynamic` to inline scripts. (#787) · w3c/webappsec-csp@13c7d8e [Editorial] Reference the algorithm instead of the section for parse-… · w3c/webappsec-csp@9dd7cf1 [Editorial] Fix reference to parse-metadata in SRI (#777) · w3c/webappsec-csp@1137e96 Fix path matching in match-url-to-source-expression (#773) · w3c/webappsec-csp@97e4a82 Change CSPViolationReportBody to dictionary (#737) · w3c/webappsec-csp@a441899 Further clarify post-request check (#730) · w3c/webappsec-csp@7690298 Fix URL in report-uri request (#731) · w3c/webappsec-csp@5c12cbb [Editorial] Fix missing input param of match-response-source-list (#732) · w3c/webappsec-csp@7092cef
Fix algorithms called with missing parameters (#806) · w3c/webappsec-csp@a20d8fb
antosart · 2026-03-09 · via Recent Commits to webappsec-csp:main
Original file line numberDiff line numberDiff line change

@@ -1207,8 +1207,8 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity

12071207

1. <a for=set>For each</a> |directive| of |policy|:

12081208
12091209

1. Execute |directive|'s <a for="directive">initialization</a>

1210-

algorithm on |document|, and assert: its returned value is

1211-

"`Allowed`".

1210+

algorithm on |document| and |policy|, and assert: its returned

1211+

value is "`Allowed`".

12121212
12131213

<h4 id="get-csp-of-object" algorithm>

12141214

Retrieve the <a for="global object">CSP list</a> of an |object|

@@ -1324,7 +1324,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity

13241324
13251325

2. If |directive|'s <a for="directive">inline check</a>

13261326

returns "`Allowed`" when executed upon null,

1327-

"`navigation`" and |navigation request|'s <a for="request">current URL</a>,

1327+

"`navigation`", |policy|, and |navigation request|'s <a for="request">current URL</a>,

13281328

skip to the next |directive|.

13291329
13301330

3. Otherwise, let |violation| be the result of executing

@@ -1428,7 +1428,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity

14281428

1. <a for=set>For each</a> |directive| of |policy|:

14291429
14301430

1. Execute |directive|'s <a for="directive">initialization</a> algorithm on

1431-

|global|. If its returned value is "`Blocked`", then set |result| to

1431+

|global| and |policy|. If its returned value is "`Blocked`", then set |result| to

14321432

"`Blocked`".

14331433
14341434

3. Return |result|.

@@ -1452,7 +1452,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity

14521452

2. <a for=list>For each</a> |policy| of |global|'s [=global object/CSP list=]:

14531453

1. <a for=set>For each</a> |directive| of |policy|:

14541454

1. If |directive|'s <a for="directive">webrtc pre-connect check</a>

1455-

returns "`Allowed`", [=iteration/continue=].

1455+

returns "`Allowed`" when executed upon |policy|, [=iteration/continue=].

14561456
14571457

2. Otherwise, let |violation| be the result of executing

14581458

[[#create-violation-for-global]] on |global|, |policy|, and