ABOUT US

What is the unsafe-inline?

"The unsafe-inline Content Security Policy (CSP) keyword allows the execution of inline scripts or styles."

"Allows the use of inline resources, such as inline <script> elements, javascript: URLs, inline event handlers, and inline <style> elements."

If you add unsafe-inline keyword to your policy, attacker can try something like this.

/site?query=<script>alert('unsafe')</script>

For more information:

The meaning of unsafe-inline is a little different for us.

Unsafe-inline is a team that aim to develop security software, research vulnerability on various platforms.