This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 249576

Summary: CSP (Content Security Policy) Meta tag's http-equiv="Content-Security-Policy" unsupported
Product: web Reporter: elennaro
Component: HTML EditorAssignee: Milutin Kristofic <mkristofic>
Status: NEW ---    
Severity: normal CC: DaveBolt, MichaelApproved
Priority: P3    
Version: 8.0.2   
Hardware: All   
OS: All   
Issue Type: DEFECT Exception Reporter:

Description elennaro 2014-12-30 18:04:37 UTC 
For details please read Specs: https://w3c.github.io/webappsec/specs/content-security-policy/#delivery-html-meta-element

How to reproduce. 
Simply write html code: 
    <html>
     <head>
       <meta http-equiv="Content-Security-Policy" content="script-src 'self'">
     ...

What happens. 
Netbeans shows warning:
Bad value "Content-Security-Policy" for attribute "http-equiv" on element "meta".
From line 6, column 3; to line 6, column 73
(Rule Category: Attributes)

What should happen.
Meta's http-equiv="Content-Security-Policy" should be recognized as a valid value.

Merry Christmas and happy new year to all!
Comment 1 Vladimir Riha 2015-02-06 16:51:16 UTC 
Reproducible, thank you for reporting.


Product Version: NetBeans IDE Dev (Build 201502050002)
Java: 1.8.0_25; Java HotSpot(TM) Client VM 25.25-b02
Runtime: Java(TM) SE Runtime Environment 1.8.0_25-b17
System: Linux version 3.13.0-35-generic running on i386; UTF-8; en_US (nb)
Comment 2 marste5310 2015-11-30 11:23:03 UTC 
Has this bug been corrected ? I am using Netbeans 8.0.2 in conjunction with Cordova 5 which now insists on implementing a White List Policy for external AJAX call.
Comment 3 elennaro 2015-11-30 14:10:44 UTC 
marste5310@netbeans.org please, vote for any bug you like to be fixed sooner.
Comment 4 DaveBolt 2017-10-23 21:20:28 UTC 
This is still an issue with version 8.2