Merge pull request #46 from chocolate-pie/allow-eval-by-default

fix: Allow evaluation by default when `script-src` and `default-src` aren't passed
rust-ammonia · Jul 28, 2024 · fe4224c · fe4224c
2 parents 5635525 + 5be5cca
commit fe4224c
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/src/lib.rs b/src/lib.rs
@@ -998,7 +998,7 @@ impl Directive {
                 AllowResult::Allows => CheckResult::Allowed,
                 AllowResult::DoesNotAllow => CheckResult::Blocked,
             },
-            _ => CheckResult::Blocked
+            _ => CheckResult::Allowed
         }
     }
     /// https://www.w3.org/TR/CSP/#can-compile-wasm-bytes
@@ -1009,7 +1009,7 @@ impl Directive {
                 AllowResult::Allows => CheckResult::Allowed,
                 AllowResult::DoesNotAllow => CheckResult::Blocked
             },
-            _ => CheckResult::Blocked
+            _ => CheckResult::Allowed
         }
     }
 }

diff --git a/tests/examples.rs b/tests/examples.rs
@@ -471,5 +471,12 @@ test_should_js_wasm_evaluation_be_blocked!{
         disposition: Report,
         kind: is_wasm_evaluation_allowed,
         result: Allowed
+    ),
+    (
+        name: eval_javascript_works_if_multiple_policies_were_passed,
+        policy: "script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self';",
+        disposition: Enforce,
+        kind: is_js_evaluation_allowed,
+        result: Allowed
     )
 }