CSP evaluator doesn't support newest the newest CSP directives and keywords and breaks some policies

Like stated in #54 and #56 there are some additions to CSP that the evaluator does not recognize, which makes it inaccurate in analyzing most up-to-date policies. The directives that aren't supported include but aren't limited to:
1. `wasm-unsafe-eval` #54,  [Mozilla](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_webassembly_execution)
2. `inline-speculation-rules` #56
3. `unsafe-hashes`[CSP.com](https://content-security-policy.com/unsafe-hashes/), [Mozilla](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_hashes)
Also, the evaluator gets the some keywords wrong , for example hashes, and autocompletes to sha-512- and sha-384- in stead of sha512- and sha384- which breaks the policy by prodiving inaccurate keywords.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CSP evaluator doesn't support newest the newest CSP directives and keywords and breaks some policies #60

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CSP evaluator doesn't support newest the newest CSP directives and keywords and breaks some policies #60

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions