enh(csp) add missing directives / keywords (#4191)

Author: probil

CHANGES.md

@@ -4,8 +4,14 @@ New Grammars:
 
 - added 3rd party Aiken grammar to SUPPORTED_LANGUAGES [Josh Marchand][]
 
+Core Grammars:
+
+- enh(csp) add missing directives / keywords from MDN (7 more) [Max Liashuk][]
+
 CONTRIBUTORS
-[Josh Marchand][https://github.com/yHSJ]
+
+[Josh Marchand]: https://github.com/yHSJ
+[Max Liashuk]: https://github.com/probil
 
 ## Version 11.11.1
 

src/languages/csp.js

@@ -15,6 +15,7 @@ export default function(hljs) {
     "child-src",
     "connect-src",
     "default-src",
+    "fenced-frame-src",
     "font-src",
     "form-action",
     "frame-ancestors",
@@ -24,10 +25,16 @@ export default function(hljs) {
     "media-src",
     "object-src",
     "plugin-types",
+    "report-to",
     "report-uri",
+    "require-trusted-types-for",
     "sandbox",
     "script-src",
+    "script-src-attr",
+    "script-src-elem",
     "style-src",
+    "style-src-attr",
+    "style-src-elem",
     "trusted-types",
     "unsafe-hashes",
     "worker-src"

test/detect/csp/default.txt

@@ -1,5 +1,13 @@
 Content-Security-Policy:
     default-src 'self';
     style-src 'self' css.example.com;
+    style-src-attr 'none';
+    style-src-elem https://example.com/;
     img-src *.example.com;
+    fenced-frame-src https://example.com/;
+    report-to name-of-endpoint;
+    require-trusted-types-for 'script';
+    script-src 'self';
+    script-src-attr 'none';
+    script-src-elem https://example.com/;
     script-src 'unsafe-eval' 'self' js.example.com 'nonce-Nc3n83cnSAd3wc3Sasdfn939hc3'

test/markup/csp/default.expect.txt

@@ -1,5 +1,13 @@
 <span class="hljs-attribute">Content-Security-Policy</span>:
     <span class="hljs-keyword">default-src</span> <span class="hljs-string">&#x27;self&#x27;</span>;
     <span class="hljs-keyword">style-src</span> <span class="hljs-string">&#x27;self&#x27;</span> css.example.com;
+    <span class="hljs-keyword">style-src-attr</span> <span class="hljs-string">&#x27;none&#x27;</span>;
+    <span class="hljs-keyword">style-src-elem</span> https://example.com/;
     <span class="hljs-keyword">img-src</span> *.example.com;
+    <span class="hljs-keyword">fenced-frame-src</span> https://example.com/;
+    <span class="hljs-keyword">report-to</span> name-of-endpoint;
+    <span class="hljs-keyword">require-trusted-types-for</span> <span class="hljs-string">&#x27;script&#x27;</span>;
+    <span class="hljs-keyword">script-src</span> <span class="hljs-string">&#x27;self&#x27;</span>;
+    <span class="hljs-keyword">script-src-attr</span> <span class="hljs-string">&#x27;none&#x27;</span>;
+    <span class="hljs-keyword">script-src-elem</span> https://example.com/;
     <span class="hljs-keyword">script-src</span> <span class="hljs-string">&#x27;unsafe-eval&#x27;</span> <span class="hljs-string">&#x27;self&#x27;</span> js.example.com <span class="hljs-string">&#x27;nonce-Nc3n83cnSAd3wc3Sasdfn939hc3&#x27;</span>

test/markup/csp/default.txt

@@ -1,5 +1,13 @@
 Content-Security-Policy:
     default-src 'self';
     style-src 'self' css.example.com;
+    style-src-attr 'none';
+    style-src-elem https://example.com/;
     img-src *.example.com;
+    fenced-frame-src https://example.com/;
+    report-to name-of-endpoint;
+    require-trusted-types-for 'script';
+    script-src 'self';
+    script-src-attr 'none';
+    script-src-elem https://example.com/;
     script-src 'unsafe-eval' 'self' js.example.com 'nonce-Nc3n83cnSAd3wc3Sasdfn939hc3'