{"json_modified": "2016-03-28T07:40:32.469699", "uuid": "99d10e68-c780-4492-bb7b-f59ee4385d1d", "title": "Default CSP restrictions", "url": "/en-US/docs/Web/Security/CSP/Default_CSP_restrictions", "tags": ["Security", "Content Security Policy"], "translations": [{"uuid": "95acc27e-f683-4baa-8b63-698e92250779", "title": "\u30c7\u30d5\u30a9\u30eb\u30c8\u306e CSP \u306b\u3088\u308b\u5236\u9650", "url": "/ja/docs/Web/Security/CSP/Default_CSP_restrictions", "tags": ["Security", "Content Security Policy"], "summary": "By default, when CSP\u00a0is in effect, a certain set of restrictions is put in place. Web servers can adjust these restrictions to suit the needs of the web sites or applications they're running by using <a href=\"/ja/Security/CSP/CSP_policy_directives\" title=\"ja/Security/CSP/CSP policy directives\">policy directives</a> to change individual policy areas. If you don't customize a specific policy area, the configuration described below is used.", "localization_tags": [], "locale": "ja", "last_edit": "2016-02-13T03:53:43", "review_tags": []}], "modified": "2014-04-16T15:15:15", "label": "Default CSP restrictions", "localization_tags": [], "locale": "en-US", "id": 208, "last_edit": "2014-04-16T15:15:15", "summary": "By default, when CSP\u00a0is in effect, a certain set of restrictions is put in place. Web servers can adjust these restrictions to suit the needs of the web sites or applications they're running by using <a href=\"/en/Security/CSP/CSP_policy_directives\" title=\"en/Security/CSP/CSP policy directives\">policy directives</a> to change individual policy areas. If you don't customize a specific policy area, the configuration described below is used.", "sections": [{"id": "Inline_JavaScript", "title": "Inline JavaScript"}, {"id": "Restricted_scripts", "title": "Restricted scripts"}, {"id": "Internal_<script>_nodes", "title": "Internal <script> nodes"}, {"id": "javascript_URIs", "title": "javascript:\u00a0URIs"}, {"id": "Event-handling_attributes_specified_in_HTML", "title": "Event-handling attributes specified in HTML"}, {"id": "Justification", "title": "Justification"}, {"id": "Attack_types_mitigated", "title": "Attack types mitigated"}, {"id": "Code_in_strings", "title": "Code in strings"}, {"id": "eval()", "title": "eval()"}, {"id": "setTimeout()_and_setInterval()", "title": "setTimeout() and setInterval()"}, {"id": "Function_constructor", "title": "Function constructor"}, {"id": "Justification_2", "title": "Justification"}, {"id": "Attack_types_mitigated_2", "title": "Attack types mitigated"}, {"id": "data_URIs", "title": "data:\u00a0URIs"}, {"id": "Justification_3", "title": "Justification"}, {"id": "XBL_bindings", "title": "XBL bindings"}, {"id": "Justification_4", "title": "Justification"}, {"id": "Example", "title": "Example"}, {"id": "Optional_CSP_directives_must_refer_to_the_same_host", "title": "Optional CSP\u00a0directives must refer to the same host"}, {"id": "Justification_5", "title": "Justification"}, {"id": "See_also", "title": "See also"}], "slug": "Web/Security/CSP/Default_CSP_restrictions", "review_tags": []}