Skip to content


Subversion checkout URL

You can clone with
Download ZIP
A CSP Validation Plugin for Sublime Text 2
Fetching latest commit...
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
Default (Linux).sublime-keymap
Default (OSX).sublime-keymap
Default (Windows).sublime-keymap

CSP Validator


This is a Sublime Text 2 plugin that checks your JavaScript, HTML and CSS for potential Content Security Policy issues. If you're new to Content Security Policy there is, in fact, an HTML5 Rocks article for that!

Right now the plugin checks for:

  • Inline scripts
  • Images and scripts with src attributes with http(s) protocols
  • Use of eval or new Function
  • setTimeout with a string param (this is only explicit usage of a string, not if it's passed as a variable)
  • Attempting to load resources in CSS with http(s) protocols


Right now you need to clone this repo into your packages folder (typically ~/Library/Application Support/Sublime Text 2/Packages).

cd ~/Library/Application\ Support/Sublime\ Text\ 2/Packages
git clone git://

Or on Windows:

cd c:\users\YOUR_ACCOUNT\AppData\Roaming\Sublime Text 2\Packages
git clone git://

Please note: this is only an alpha release. Once all the issues are ironed out I'll request to be added to Package Control.


Just code away and all being well you will receive warnings as the plugin finds them. If for any reason you want to disable the warnings you can use Ctrl + Option + Shift + C (or Alt on PC instead of Option) to disable the plugin.

Something went wrong with that request. Please try again.