disable-inline-and-eval

Info
Code
History
Feedback (0)
Stats

disable-inline-and-eval

Use a default Content Security Policy to prevent inline JavaScript and eval from working.

As of 2015-07-14. See the latest version.

Ask a question, post a review, or report the script.

// ==UserScript==
// @name         disable-inline-and-eval
// @namespace    https://github.com/ahuanguchi
// @version      1.0.0
// @description  Use a default Content Security Policy to prevent inline JavaScript and eval from working.
// @author       ahuanguchi
// @match        http*://*/*
// @grant        none
// @run-at       document-start
// ==/UserScript==

var csp = document.createElement("meta");
csp.setAttribute("http-equiv", "Content-Security-Policy")
csp.setAttribute("content", "script-src *")
document.head.appendChild(csp);