Prevent XSS Attacks using Content Security Policy
DRANK

Today I was working on my project and wrote a script that downloads other scripts. To test that the script works, I tried running it in the console of an open website. On my own website it worked fine, but when I ran the script in the console on the Gmail website I got an error:

Refused to load the script ' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.talkgadget.google.com/ ...

I saw this error on the console screen, so I tried to find out why Gmail does not allow it. The error mentions the Content Security Policy. This is a policy that tells the browser which content may be loaded on a page: the browser checks every resource request against the policy and refuses any request it does not allow. The Content-Security-Policy response header, or the equivalent <meta http-equiv="Content-Security-Policy"> tag, lets you reduce the risk of XSS attacks by defining where resources can be loaded from, so the browser refuses to load data from any other location. This makes it harder for an attacker to inject ma…
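The following is an added example, not code from the original article: a simplified evaluator for the script-src directive that reproduces the decision the browser made above. It takes the directive fragment printed in the error, an assumed page origin of https://mail.google.com (Gmail's origin; the article only says "the Gmail website"), and a few constructed script URLs, and reports which ones the policy would allow. The function names (isScriptAllowed, allowsInlineScript) are hypothetical, and the matcher ignores parts of the real CSP grammar such as report-only mode and strict-dynamic.

```javascript
// Added example: a simplified CSP script-src evaluator. Not from the original
// article. The policy string is the fragment shown in the article's error
// message; the page origin and script URLs are assumed / constructed.

const ARTICLE_POLICY =
  "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.talkgadget.google.com/";
const PAGE_ORIGIN = 'https://mail.google.com'; // assumption: Gmail's origin

const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// A policy is a ';'-separated list of directives, each "<name> <src> <src>...".
// Returns the source list for `name`, or null when the directive is absent.
function parseDirective(policy, name) {
  for (const raw of policy.split(';')) {
    const parts = raw.trim().split(/\s+/).filter(Boolean);
    if (parts.length && parts[0].toLowerCase() === name) return parts.slice(1);
  }
  return null;
}

// "*.example.com" matches any subdomain but NOT "example.com" itself.
function hostMatches(pattern, host) {
  if (pattern === '*') return true;
  if (pattern.startsWith('*.')) {
    const suffix = pattern.slice(1); // ".example.com"
    return host.endsWith(suffix) && host.length > suffix.length;
  }
  return pattern === host;
}

// Does one source expression allow loading `url` from a page at `pageOrigin`?
function sourceMatches(source, pageOrigin, url) {
  const page = new URL(pageOrigin);
  const s = source.toLowerCase();
  if (s === "'self'") {
    return url.protocol === page.protocol &&
      url.hostname === page.hostname && url.port === page.port;
  }
  // 'none', 'unsafe-inline', 'unsafe-eval', nonces and hashes never match a URL
  if (s.startsWith("'")) return false;
  // scheme-only source such as "https:"
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s;
  // host source: [scheme://]host[:port][/path]
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?(\/.*)?$/);
  if (!m) return false;
  const [, scheme, host, port, path] = m;
  if (scheme && url.protocol !== scheme + ':') return false;
  // without a scheme, the page's scheme is implied (https always accepted)
  if (!scheme && url.protocol !== page.protocol && url.protocol !== 'https:') return false;
  if (!hostMatches(host, url.hostname)) return false;
  if (port && port !== '*') {
    const urlPort = url.port || DEFAULT_PORTS[url.protocol] || '';
    if (port !== urlPort) return false;
  }
  if (path && path !== '/') {
    // trailing slash = directory prefix match, otherwise exact file match
    if (path.endsWith('/') ? !url.pathname.startsWith(path) : url.pathname !== path) return false;
  }
  return true;
}

// Mirrors the browser's check for <script src="..."> on the page.
function isScriptAllowed(policy, pageOrigin, scriptUrl) {
  const sources = parseDirective(policy, 'script-src') ?? parseDirective(policy, 'default-src');
  if (sources === null) return true; // no applicable directive: nothing to enforce
  const url = new URL(scriptUrl, pageOrigin); // resolves relative URLs too
  return sources.some((src) => sourceMatches(src, pageOrigin, url));
}

// Would an injected inline <script> run? 'unsafe-inline' allows it, but a
// nonce or hash source in the same directive makes browsers ignore 'unsafe-inline'.
function allowsInlineScript(policy) {
  const sources = parseDirective(policy, 'script-src') ?? parseDirective(policy, 'default-src');
  if (sources === null) return true;
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return lower.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// Constructed script URLs: the last one stands in for the article's loader.
const SAMPLE_SCRIPTS = [
  'https://mail.google.com/static/app.js',
  'https://chat.talkgadget.google.com/widget.js',
  'https://talkgadget.google.com/widget.js',
  'http://chat.talkgadget.google.com/widget.js',
  'https://attacker.example/loader.js',
];
for (const u of SAMPLE_SCRIPTS) {
  console.log(isScriptAllowed(ARTICLE_POLICY, PAGE_ORIGIN, u) ? 'allowed' : 'refused', u);
}
console.log('inline scripts allowed:', allowsInlineScript(ARTICLE_POLICY));
```

Running it shows why the console experiment failed: only same-origin scripts and scripts from a subdomain of talkgadget.google.com pass, and a script served from anywhere else, or over plain http, is refused. It also shows the caveat to watch for when writing your own policy: a script-src that contains 'unsafe-inline' without a nonce or hash still lets injected inline script run, so the directive blocks remote loaders but not the most common XSS payload.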

codeproject.com
Related Topics: Security JavaScript CSS