惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Forbes - Security
Forbes - Security
大猫的无限游戏
大猫的无限游戏
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Jina AI
Jina AI
美团技术团队
博客园 - 聂微东
博客园 - 叶小钗
Security Latest
Security Latest
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园_首页
Spread Privacy
Spread Privacy
J
Java Code Geeks
雷峰网
雷峰网
宝玉的分享
宝玉的分享
C
Cyber Attacks, Cyber Crime and Cyber Security
P
Privacy International News Feed
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threat Research - Cisco Blogs
The Hacker News
The Hacker News
量子位
L
LINUX DO - 热门话题
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
G
GRAHAM CLULEY
D
Darknet – Hacking Tools, Hacker News & Cyber Security
月光博客
月光博客
腾讯CDC
Last Week in AI
Last Week in AI
人人都是产品经理
人人都是产品经理
酷 壳 – CoolShell
酷 壳 – CoolShell
T
Tor Project blog
罗磊的独立博客
V
Vulnerabilities – Threatpost
Apple Machine Learning Research
Apple Machine Learning Research
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
有赞技术团队
有赞技术团队
Project Zero
Project Zero
Hugging Face - Blog
Hugging Face - Blog
爱范儿
爱范儿
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
T
Tenable Blog
MyScale Blog
MyScale Blog
T
The Exploit Database - CXSecurity.com
GbyAI
GbyAI
博客园 - 【当耐特】
O
OpenAI News
Schneier on Security
Schneier on Security
S
Secure Thoughts
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Securelist
博客园 - 司徒正美

Recent Commits to webappsec-csp:main

[Editorial] Compare origins with 'same origin', not 'is'. · w3c/webappsec-csp@4e01ae7 Fixing 'policy' local link text. · w3c/webappsec-csp@0051d16 Fixing status. · w3c/webappsec-csp@b1de5f1 Export a dfn. · w3c/webappsec-csp@e156259 [Editorial] 'policy' is a local term, not global. (#812) · w3c/webappsec-csp@3e24aea Add "text" destination type, for JavaScript text imports · w3c/webappsec-csp@7845c09 Attach self-origin to CSP list (#805) · w3c/webappsec-csp@3a5e595 Fix algorithms called with missing parameters (#806) · w3c/webappsec-csp@a20d8fb Add 'unsafe-webtransport-hashes' keyword to connect-src (#791) · w3c/webappsec-csp@1b8a543 Add missing closing tag for section (#800) · w3c/webappsec-csp@5bc6639 [Editorial] Fix broken references to Trusted Types spec (#790) · w3c/webappsec-csp@a131bcb Apply `strict-dynamic` to inline scripts. (#787) · w3c/webappsec-csp@13c7d8e [Editorial] Reference the algorithm instead of the section for parse-… · w3c/webappsec-csp@9dd7cf1 [Editorial] Fix reference to parse-metadata in SRI (#777) · w3c/webappsec-csp@1137e96 Fix path matching in match-url-to-source-expression (#773) · w3c/webappsec-csp@97e4a82 Change CSPViolationReportBody to dictionary (#737) · w3c/webappsec-csp@a441899 Further clarify post-request check (#730) · w3c/webappsec-csp@7690298 Fix URL in report-uri request (#731) · w3c/webappsec-csp@5c12cbb [Editorial] Fix missing input param of match-response-source-list (#732) · w3c/webappsec-csp@7092cef
[Editorial] Avoid nested parenthetical (#804) · w3c/webappsec-csp@8df1f5d
Krinkle · 2026-03-06 · via Recent Commits to webappsec-csp:main
Original file line numberDiff line numberDiff line change

@@ -659,8 +659,8 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity

659659
660660

4. Hosts such as `example.com` (which matches any resource on

661661

the host, regardless of scheme) or `*.example.com` (which

662-

matches any resource on the host's subdomains (and any of

663-

its subdomains' subdomains, and so on))

662+

matches any resource on the host's subdomains, and any of

663+

its subdomains' subdomains, and so on)

664664
665665

5. Nonces such as `'nonce-ch4hvvbHDpv7xCSvXCs3BrNggHdTzxUA'` (which can match

666666

specific elements on a page)