https://github.com/muratgozel/csp-dev
Spec compliant content security policy builder and parser. 🚨
content-security-policy csp csp-builder csp-parser
- Host: GitHub
- URL: https://github.com/muratgozel/csp-dev
- Owner: muratgozel
- License: mit
- Created: 2020-05-19T15:56:09.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2022-11-12T02:21:45.000Z (over 3 years ago)
- Last Synced: 2024-04-29T22:59:41.276Z (about 2 years ago)
- Topics: content-security-policy, csp, csp-builder, csp-parser
- Language: JavaScript
- Homepage:
- Size: 15.6 KB
- Stars: 3
- Watchers: 1
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
README
# csp-dev
Spec compliant content security policy builder and parser. 🚨


## Install
```sh
npm i -D csp-dev
```
## Use
### Build Policy
```js
const ContentSecurityPolicy = require('csp-dev')
const builder = new ContentSecurityPolicy()
builder.newDirective('script-src', ['self', 'unsafe-inline', 'nonce-2726c7f26c', '*.test.com'])
builder.newDirective('default-src', 'self')
builder.newDirective('style-src', 'data:')
// or by loading an object
const builder2 = new ContentSecurityPolicy()
builder2.load({
  'default-src': ['self'],
  'script-src': [
    'self', 'unsafe-inline', 'nonce-2726c7f26c', '*.test.com'
  ],
  'style-src': ['data:']
})
```
### Parse Policy Data
```js
const ContentSecurityPolicy = require('csp-dev')
const data = `
default-src 'self';
script-src 'self' 'unsafe-inline' 'nonce-2726c7f26c' *.test.com;
style-src data:
`
const parser = new ContentSecurityPolicy(data)
parser.valid() // true|false
```
### Share
Share data as **json**, spec compliant csp **string** or **html** meta tag:
```js
parser.share('json')
`
{
  'default-src': ['self'],
  'script-src': [
    'self', 'unsafe-inline', 'nonce-2726c7f26c', '*.test.com'
  ],
  'style-src': ['data:']
}
`
parser.share('string')
`
default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-2726c7f26c' *.test.com; style-src data:
`
parser.share('html')
`
`
```
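The object-to-string and object-to-meta-tag conversions described above, as a standalone added example; this is not csp-dev's code and does not call the library. The function names, the keyword list and the sample policy are assumptions made for illustration. It also shows two points the outputs above do not: a source value containing `;`, `,` or whitespace has to be rejected because it would start a new directive or policy, and `frame-ancestors`, `report-uri` and `sandbox` have no effect when the policy is delivered in a `<meta>` element.

```javascript
// Added example: standalone sketch, not csp-dev's implementation.
const KEYWORDS = new Set(['self', 'none', 'unsafe-inline', 'unsafe-eval',
  'strict-dynamic', 'unsafe-hashes', 'report-sample', 'wasm-unsafe-eval'])
// Directives that browsers ignore when the policy comes from a <meta> element.
const META_IGNORED = new Set(['frame-ancestors', 'report-uri', 'sandbox'])

// Keywords, nonces and hashes are single-quoted in the serialized policy;
// hosts and schemes (*.test.com, data:) are written bare.
function quoteSource (src) {
  const bare = src.replace(/^'|'$/g, '')
  const lower = bare.toLowerCase()
  const quoted = KEYWORDS.has(lower) || /^(nonce|sha(256|384|512))-/.test(lower)
  return quoted ? `'${bare}'` : bare
}

// Serialize { directive: source | [sources] } into a header value.
function toPolicyString (policy, skip = new Set()) {
  return Object.entries(policy)
    .filter(([name]) => !skip.has(name.toLowerCase()))
    .map(([name, sources]) => {
      const list = [].concat(sources).map(quoteSource)
      for (const s of list) {
        // ';' ends a directive and ',' ends a policy, so neither may appear in a value.
        if (/[;,\s]/.test(s)) throw new Error(`invalid source expression: ${s}`)
      }
      return [name.toLowerCase(), ...list].join(' ')
    })
    .join('; ')
}

// Same policy as a meta tag: header-only directives dropped, attribute escaped.
function toMetaTag (policy) {
  const content = toPolicyString(policy, META_IGNORED)
    .replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;')
  return `<meta http-equiv="Content-Security-Policy" content="${content}">`
}

// Constructed sample input: one header-only directive next to a fetch directive.
const sample = { 'default-src': 'self', 'frame-ancestors': 'none' }
console.log(toPolicyString(sample)) // header form keeps frame-ancestors
console.log(toMetaTag(sample))      // meta form drops it
```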
## Tests
See the `spec` folder for tests. I'll expand the test suite as I update the library. You can run the tests with `npm run test`.
## Notes
The reporting feature of CSP hasn't been implemented. I haven't fully understood it, but I think there is no accepted standard for it for now.
---
Thanks for watching 🐬
---
Version management of this repository is done by [releaser](https://github.com/muratgozel/node-releaser) 🚀