From 5be5cca9b305c9c29630c047a9b596c675f34d36 Mon Sep 17 00:00:00 2001
From: Chocolate Pie <106949016+chocolate-pie@users.noreply.github.com>
Date: Sun, 28 Jul 2024 19:08:02 +0900
Subject: [PATCH] fix: Allow evaluation by default when `script-src` and `default-src` aren't passed
---
 src/lib.rs | 4 ++--
 tests/examples.rs | 7 +++++++
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/lib.rs b/src/lib.rs
index 44a09dd..9343f7b 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -998,7 +998,7 @@ impl Directive {
 AllowResult::Allows => CheckResult::Allowed,
 AllowResult::DoesNotAllow => CheckResult::Blocked,
 },
- _ => CheckResult::Blocked
+ _ => CheckResult::Allowed
 }
 }
 /// https://www.w3.org/TR/CSP/#can-compile-wasm-bytes
@@ -1009,7 +1009,7 @@ impl Directive {
 AllowResult::Allows => CheckResult::Allowed,
 AllowResult::DoesNotAllow => CheckResult::Blocked
 },
- _ => CheckResult::Blocked
+ _ => CheckResult::Allowed
 }
 }
 }
diff --git a/tests/examples.rs b/tests/examples.rs
index 7ef869e..1bbe136 100644
--- a/tests/examples.rs
+++ b/tests/examples.rs
@@ -471,5 +471,12 @@ test_should_js_wasm_evaluation_be_blocked!{
 disposition: Report,
 kind: is_wasm_evaluation_allowed,
 result: Allowed
+ ),
+ (
+ name: eval_javascript_works_if_multiple_policies_were_passed,
+ policy: "script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self';",
+ disposition: Enforce,
+ kind: is_js_evaluation_allowed,
+ result: Allowed
 )
 }
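Review bot: The wildcard arm `_ => CheckResult::Allowed` in the first `src/lib.rs` hunk now fails open: every case the match does not name is treated as permitting JS evaluation, and the wasm check in the hunk at line 1009 has the same arm. The match head lies outside both hunks, so which cases reach `_` is not visible; if they are only directives that do not govern evaluation, state that above the arm, e.g. `// Directive does not govern eval; the policy-level check decides from script-src/default-src.` Where the matched set is enumerable, naming the non-governing cases explicitly instead of `_` would keep a newly added case from silently defaulting to allow. It is also worth confirming that the policy-level caller (not shown) treats a single `Blocked` as final, so that an `Allowed` returned for e.g. `connect-src` cannot override a restrictive `script-src`.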
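Review bot: The added case in `tests/examples.rs` does not exercise the situation named in the commit subject, because its policy still carries `script-src` with `'unsafe-eval'` and so only shows that an extra `connect-src` no longer blocks. Within this hunk there is no case for a policy with neither `script-src` nor `default-src`, none for the wasm check, and no negative case showing that a `script-src` without `'unsafe-eval'` stays `Blocked` now that other directives return `Allowed`. The case name says "multiple policies" although the string holds several directives of one policy. The macro invocation starts outside the hunk, so such cases may already exist earlier in the file; if not, cases along these lines (names constructed here) would pin the fail-open boundary.

```rust
    ),
    // … unchanged: eval_javascript_works_if_multiple_policies_were_passed …
    (
        name: eval_javascript_allowed_without_script_src_or_default_src,
        policy: "connect-src 'self';",
        disposition: Enforce,
        kind: is_js_evaluation_allowed,
        result: Allowed
    ),
    (
        name: eval_javascript_blocked_when_script_src_lacks_unsafe_eval,
        policy: "script-src 'self'; connect-src 'self';",
        disposition: Enforce,
        kind: is_js_evaluation_allowed,
        result: Blocked
    )
```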