csp-util
v1.0.0
Content-Security-Policy utils
javascript-csp-util
Content-Security-Policy utilities: a CSP parser that complies with the W3C CSP Level 2 and CSP Level 3 specifications.
ABNF
See https://www.w3.org/TR/CSP2/#policy-syntax
and https://www.w3.org/TR/CSP3/#framework

    serialized-policy    = serialized-directive *( OWS ";" [ OWS serialized-directive ] )
    serialized-directive = directive-name [ RWS directive-value ]
    directive-name       = 1*( ALPHA / DIGIT / "-" )
    directive-value      = *( %x09 / %x20-%x2B / %x2D-%x3A / %x3C-%x7E )
                           ; Directive values may contain whitespace and VCHAR characters,
                           ; excluding ";" and ","
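The grammar above, written out as a small stand-alone linter. This is an added example, not code from csp-util; `lintPolicy`, the finding types and the partial `KNOWN` directive list are assumptions made for illustration. It keeps the first occurrence of a duplicated directive, which is how CSP Level 3 user agents treat duplicates.

```javascript
// Added example: a stand-alone linter for the ABNF above.
// Function and finding names are this example's own, not the csp-util API.

// Constructed, deliberately partial list of directive names; extend for real use.
const KNOWN = new Set(['default-src', 'script-src', 'style-src', 'img-src',
  'object-src', 'base-uri', 'frame-ancestors', 'report-uri']);

const NAME_RE = /^[A-Za-z0-9-]+$/;                       // directive-name
const VALUE_RE = /^[\x09\x20-\x2B\x2D-\x3A\x3C-\x7E]*$/; // directive-value

function lintPolicy(serialized) {
  const directives = new Map();
  const findings = [];
  for (const token of serialized.split(';')) {
    const text = token.replace(/^[\t ]+|[\t ]+$/g, '');    // strip OWS
    if (text === '') continue;                             // empty slots are legal
    const m = /^([^\t ]+)(?:[\t ]+([\s\S]*))?$/.exec(text); // name [ RWS value ]
    const name = m[1].toLowerCase();                       // names are case-insensitive
    const value = m[2] === undefined ? '' : m[2];
    if (!NAME_RE.test(name)) { findings.push({ type: 'invalid-name', name }); continue; }
    // A "," is outside directive-value: in a header it starts a second policy.
    if (!VALUE_RE.test(value)) { findings.push({ type: 'invalid-value', name }); continue; }
    // First occurrence wins; later copies are ignored by the browser.
    if (directives.has(name)) { findings.push({ type: 'duplicate', name }); continue; }
    if (!KNOWN.has(name)) findings.push({ type: 'unknown', name });
    directives.set(name, value.split(/[\t ]+/).filter(Boolean));
  }
  return { directives, findings };
}

// Constructed sample: a duplicated script-src and an unknown directive.
const sample = "default-src 'self'; script-src 'self'; script-src 'unsafe-inline'; foo-src x";
console.log(lintPolicy(sample).findings);
```

The duplicate finding matters in review: the later `script-src 'unsafe-inline'` in the sample never takes effect, so a policy can look looser or stricter on the page than what the browser enforces.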
Usage
    npm install github.com/templarbit/javascript-csp-util

    let csputil = require('javascript-csp-util')
    try {
        let directives = csputil.parseDirectives("default-src 'self'; script-src 'self'; object-src 'self'; base-uri 'none'; report-uri https://logs.templarbit.com/csp/xxkey/reports")
    } catch (ex) {
        if (ex instanceof csputil.UnknownDirectiveNameError) {
            // presence of unknown directive detected
        } else if (ex instanceof csputil.DuplicateDirectiveError) {
            // presence of duplicated directives detected
        } else if (ex instanceof csputil.DeprecatedDirectiveNameError) {
            // presence of deprecated directive detected
        } else {
            // general error
        }
    }
Other languages
Docs
- Chromium Content Security Policy implementation https://cs.chromium.org/chromium/src/content/common/content_security_policy/?type=cs&sq=package:chromium