jekyll-content-security-policy-generator Plugin
This Jekyll plugin automatically builds an HTML content security policy for a Jekyll site. The plugin
scans the .html files generated by Jekyll, locates images, styles, scripts, frames, etc., and builds a
content security policy HTML meta tag. The script also generates SHA256 hashes for inline scripts and styles. If
the script finds elements with style attributes, such as <div style="color: red"></div>, it extracts the style
information and builds a style element, which also passes through the content security policy generation.
Goal
To speed up development of Jekyll-based sites whilst also helping to generate secure HTML files protected from XSS.
Features
- Scans for .html files generated by Jekyll.
- Finds inline scripts such as <script>alert("Hello World!");</script> and generates an SHA256 hash.
- Finds inline styles such as <style>.hello { color: "red"; }</style> and generates an SHA256 hash.
- Creates or reuses an HTTP meta tag for the content security policy.
- Finds all images, styles, scripts and frames with external URLs and builds CSP.
- Converts style attributes into <style> elements.
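The hashing and policy-building steps listed above, shown as an added Ruby example that is not the plugin's own code: it hashes inline scripts and styles into CSP hash sources, collects the origins of external scripts, images and frames, and emits the meta tag. The regex scanning, the 'self' baseline, the function names and the sample HTML are assumptions made for this example.

```ruby
require 'digest'
require 'uri'

# Constructed sample page; the hosts are placeholders.
SAMPLE_HTML = <<~HTML
  <html><head>
  <style>.hello { color: "red"; }</style>
  <script src="https://cdn.example.com/app.js"></script>
  </head><body>
  <script>alert("Hello World!");</script>
  <img src="https://images.example.org/logo.png">
  </body></html>
HTML

# CSP hash source: 'sha256-' + base64(SHA-256(content)). Browsers hash the
# exact text between the tags, so any whitespace change alters the value.
def csp_hash(content)
  "'sha256-#{Digest::SHA256.base64digest(content)}'"
end

# Build the policy string. Regex scanning and the 'self' baseline are
# assumptions of this example; a real generator should use an HTML parser.
def build_csp(html)
  policy = Hash.new { |h, k| h[k] = ["'self'"] }
  inline_script = %r{<script(?![^>]*\bsrc=)[^>]*>(.*?)</script>}m
  html.scan(inline_script).flatten.each { |js| policy['script-src'] << csp_hash(js) }
  html.scan(%r{<style[^>]*>(.*?)</style>}m).flatten.each { |css| policy['style-src'] << csp_hash(css) }
  { 'script' => 'script-src', 'img' => 'img-src', 'iframe' => 'frame-src' }.each do |tag, directive|
    html.scan(/<#{tag}\b[^>]*\bsrc="(https?:[^"]+)"/).flatten.each do |url|
      uri = URI.parse(url)
      origin = "#{uri.scheme}://#{uri.host}"
      origin += ":#{uri.port}" unless uri.port == uri.default_port
      policy[directive] << origin
    end
  end
  directives = policy.map { |name, sources| "#{name} #{sources.uniq.join(' ')}" }
  (["default-src 'self'"] + directives).join('; ')
end

# Wrap the policy in the meta tag form that the plugin description refers to.
def csp_meta_tag(html)
  %(<meta http-equiv="Content-Security-Policy" content="#{build_csp(html)}">)
end

puts csp_meta_tag(SAMPLE_HTML)
```

Because the hash covers the exact inline content, any post-processing that rewrites the HTML after the policy is generated (minifiers, injected analytics snippets) will cause the browser to block the changed block.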
Installation
Install the gem:
gem install jekyll-content-security-policy-generator
Then add this to your _config.yml:
plugins:
- jekyll-content-security-policy-generator