During a web application assessment, a security consultant observes that even though the application has a CSP header, it uses the unsafe-inline directive for scripts. What potential risk does this pose?

  • It allows any script to run on the page
  • It disallows all inline scripts
  • It only allows scripts from external sources
  • It restricts all scripting entirely
Using the unsafe-inline directive for scripts in a CSP is risky because it allows any inline script to run on the page. This largely undermines the protection CSP is meant to provide, since potentially harmful inline scripts are permitted to execute, and is therefore a security vulnerability.