The CSP tool currently allows the user to provide anything in the URL field.
It should only allow https: and perhaps some others, such as data:.
Ideally, 3rd-party URLs should be validated against DPA agreements.
Also, it should check for duplicates.
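
One way to implement the checks requested above (scheme allowlist, duplicate detection after normalization, and an optional lookup against hosts that have a DPA on file), as an added example that is not the CSP tool's own code. The function names, reason strings, allowlist contents and DPA host list are assumptions.

```javascript
// Added example, not the CSP tool's code. All names, reason strings and the
// DPA host list below are assumptions made for illustration.
const ALLOWED_SCHEMES = new Set(['https:', 'data:']);
const SCHEME_ONLY = /^[a-z][a-z0-9+.-]*:$/i; // e.g. "data:" as a CSP scheme-source

function normalizeSource(raw) {
  const value = String(raw).trim();
  if (value === '') return { ok: false, reason: 'empty' };
  if (SCHEME_ONLY.test(value)) {
    const scheme = value.toLowerCase();
    return ALLOWED_SCHEMES.has(scheme)
      ? { ok: true, key: scheme, host: null }
      : { ok: false, reason: 'scheme-not-allowed' };
  }
  let url;
  try {
    url = new URL(value); // WHATWG parser: lowercases scheme/host, drops default port
  } catch {
    return { ok: false, reason: 'not-a-url' };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return { ok: false, reason: 'scheme-not-allowed' };
  if (url.protocol !== 'https:') return { ok: false, reason: 'scheme-only-expected' };
  if (url.username || url.password) return { ok: false, reason: 'credentials-in-url' };
  return { ok: true, key: url.origin + url.pathname, host: url.hostname };
}

function validateSources(entries, dpaHosts = null) {
  const seen = new Set();
  const accepted = [];
  const rejected = [];
  for (const raw of entries) {
    const result = normalizeSource(raw);
    let reason = result.ok ? null : result.reason;
    if (!reason && seen.has(result.key)) reason = 'duplicate';
    if (!reason && dpaHosts && result.host && !dpaHosts.has(result.host)) reason = 'no-dpa-on-file';
    if (reason) { rejected.push({ raw, reason }); continue; }
    seen.add(result.key);
    accepted.push(result.key);
  }
  return { accepted, rejected };
}

// Constructed sample input (not taken from the tool or any real deployment).
const SAMPLE = [
  'https://cdn.example.com', 'HTTPS://CDN.EXAMPLE.COM:443/', 'http://cdn.example.com',
  'javascript:void(0)', 'data:', 'https://tracker.example.net/lib.js', 'cdn.example.com',
];
const DPA_HOSTS = new Set(['cdn.example.com']); // hypothetical hosts with a signed DPA
console.log(validateSources(SAMPLE, DPA_HOSTS));
```

Duplicates are compared on the normalized origin plus path, so entries that differ only in letter case, an explicit default port or a trailing slash are treated as the same source.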