-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove misconfigured WTFs #71
Comments
No, these styles are not present on the website and |
actually first one is probably from this extension https://github.com/daidaiworm/vimium see this file https://searchcode.com/codesearch/view/26916074/ |
Looking at second one I suspect it is also some SEO/malware extension to spam forums with SEO links as this snippet could be found alot on different message boards and it it adds extra styles to seo-related links. |
Close as explained? |
@MaceWindu yes, closed :) |
Many of the WTFs are just the result of misconfigured CSP directives. For example:
Those are both lacking
'self'
forstyle-src
, so their styles are getting blocked.A good chunk of the
script-sample
entries fall into this category. Anything withblocked-uri: self
should be considered to be a misconfiguration--the developer is simply missing'self'
.The text was updated successfully, but these errors were encountered: