Because Security Matters, and Web libraries, tools, and projects, should be more informative about their state.

WebReflection/csp

CSP Badge

Security Matters

This repository exists only to allow other repositories to add a badge about the CSP state of the module, library, or helper.

The offered SVG images are the following:

  • CSP strict: suitable for projects that don't use eval, Function, or scripts served as Blob, and hence never need any particular CSP rule
  • CSP friendly: suitable for projects that might need particular CSP rules to fully work as expected
  • CSP hostile: for all projects humble enough to declare that they are anything but secure, and to inform users about the risk they might run if such a project is used in production

CSP strict

The project does not need any specific CSP configuration because it does not include, use, or inject any Function, eval, or other workaround to evaluate anything at all, hence its security is guaranteed to be the best possible.


CSP friendly

The project might need some specific CSP configuration, because it could need to use Function, eval, or any other workaround to evaluate code at runtime, hence security needs to be considered, and best practices followed.


CSP hostile

The project shamelessly needs, uses, or pollutes the running software with Function, eval, or any other workaround to evaluate code at runtime, so that even CSP might not be enough to guarantee a secure execution of the program.
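
For a site integrating a CSP friendly or CSP hostile project, the "particular CSP rules" come down to whether the deployed policy lets eval, Function, or Blob-served scripts run. The sketch below is an added example, not code from this repository: it parses a Content-Security-Policy value and reports whether those features would be allowed. The function names and sample policies are assumptions, and script-src-elem, worker-src, 'strict-dynamic', nonces and hashes are not modelled.

```javascript
// Added example, not code from the csp badge repository.
// Simplifying assumption: only script-src and its default-src fallback are read.

// Parse a policy value into a Map: directive name -> list of source expressions.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (!directives.has(name)) {
      directives.set(name, tokens.slice(1).map((s) => s.toLowerCase()));
    }
  }
  return directives;
}

// Report what a library relying on runtime evaluation could still do.
function runtimeCodeAllowances(policy) {
  const directives = parsePolicy(policy);
  const sources = directives.get('script-src') ?? directives.get('default-src');
  // No script-src and no default-src: scripts are not restricted at all.
  if (sources === undefined) return { eval: true, blobScripts: true };
  return {
    // eval() and Function() need the explicit 'unsafe-eval' keyword.
    eval: sources.includes("'unsafe-eval'"),
    // The * wildcard does not cover blob:, the scheme must be listed.
    blobScripts: sources.includes('blob:'),
  };
}

// Constructed sample policies, not taken from any real site.
const SAMPLES = [
  "default-src 'self'",
  "default-src 'self'; script-src 'self' 'unsafe-eval' blob:",
  "script-src *",
  "script-src 'self'; script-src 'unsafe-eval'",
];

for (const policy of SAMPLES) {
  console.log(policy, '->', JSON.stringify(runtimeCodeAllowances(policy)));
}
```

A CSP strict project keeps working under every policy in the sample list, including the ones where both fields come back false.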


How to include

If your project would like to inform its users about its CSP compliance, you can add one of these badges at the top of your README on GitHub, GitLab, or any other service, so that it'll be instantly visible:

Markdown - Basic

![CSP strict](https://webreflection.github.io/csp/strict.svg)
![CSP friendly](https://webreflection.github.io/csp/friendly.svg)
![CSP hostile](https://webreflection.github.io/csp/hostile.svg)

Markdown - Informative

[![CSP strict](https://webreflection.github.io/csp/strict.svg)](https://webreflection.github.io/csp/#-csp-strict)
[![CSP friendly](https://webreflection.github.io/csp/friendly.svg)](https://webreflection.github.io/csp/#-csp-friendly)
[![CSP hostile](https://webreflection.github.io/csp/hostile.svg)](https://webreflection.github.io/csp/#-csp-hostile)

HTML - Basic

<img alt="CSP strict" src="https://webreflection.github.io/csp/strict.svg">
<img alt="CSP friendly" src="https://webreflection.github.io/csp/friendly.svg">
<img alt="CSP hostile" src="https://webreflection.github.io/csp/hostile.svg">

HTML - Informative

<a href="https://webreflection.github.io/csp/#-csp-strict">
  <img alt="CSP strict" src="https://webreflection.github.io/csp/strict.svg">
</a>
<a href="https://webreflection.github.io/csp/#-csp-friendly">
  <img alt="CSP friendly" src="https://webreflection.github.io/csp/friendly.svg">
</a>
<a href="https://webreflection.github.io/csp/#-csp-hostile">
  <img alt="CSP hostile" src="https://webreflection.github.io/csp/hostile.svg">
</a>
