In 25f5fd2a the `media-src`, `child-src` and `connect-src`
settings were removed, as they are filled with the `default-src` automatically.
This caused a bug in the test code, as it now tried to access a
nonexistent field of `unextendedCSP`.
This commit adds a filter that removes the empty array field
before converting to a string.
Signed-off-by: David Mehren <git@herrmehren.de>
This update of revealJS helps us to get rid of the headjs depedency
integration using webpack. It updates reveal.js to 3.9.2 and updates the
csp hash accordingly for using the slide mode.
Background for this update is the critical security vulnerability
described by snyk in their disclosure:
https://snyk.io/vuln/SNYK-JS-REVEALJS-543841
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Since we lack of tests but got some great point to start, let's write
more tests.
This patch provides some basic tests for our CSP library. It's more an
integration than a unit test, but gets the job done.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>