Create a CSP Analyzer Tab in Fiddler
// Note: This is for JScript.NET Mode FiddlerScript
// Click Rules > Customize Rules. Inside the HANDLERS class, add the following block:
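public BindUITab("🚫 CSPAnalyzer", "<html>")
static function CSPReport(arrSess: Session[]): String {
    // Renders the "CSP Analyzer" tab for the currently selected session: the response's
    // Content-Security-Policy header is handed to Google's CSP Evaluator, shown both as an
    // embedded frame and as a link that opens the report in the system browser.
    //
    // arrSess: the sessions currently selected in the Fiddler session list.
    // Returns: a complete HTML document string for Fiddler to render in the tab.
    if (arrSess.Length != 1) {
        return CSPMessagePage("Please select a single response to view details about its Content-Security-Policy.");
    }

    var sPolicy = arrSess[0].ResponseHeaders["Content-Security-Policy"];
    if (String.IsNullOrEmpty(sPolicy)) {
        // TODO: Check for CSP in META tags too.
        // TODO: Consider also looking at Content-Security-Policy-Report-Only.
        return CSPMessagePage("This response did not contain a Content-Security-Policy header.");
    }

    // The header value comes from an arbitrary server response, so treat it as untrusted:
    // it is URL-encoded before it is placed in a query string that is then embedded in HTML
    // attributes. The explicit apostrophe replacement protects the single-quoted attributes
    // below in case UrlEncode leaves that character as-is.
    // NOTE: the policy text is sent to a third-party service (csp-evaluator.withgoogle.com)
    // whenever this tab is rendered for a response.
    var sEncoded = Utilities.UrlEncode(sPolicy.Trim()).Replace("'", "%27");
    var sURL = "https://csp-evaluator.withgoogle.com/?csp=" + sEncoded;

    // Both the link's href and the iframe's src are single-quoted so the encoded value
    // cannot terminate the attribute.
    var sHTML = "<!doctype html><html style=\"font-family: 'Segoe UI'\"><head><meta http-equiv='X-UA-Compatible' content='IE=edge'><style type='text/css'>body{margin: 0;height:100%}#i1 {width:100%;height:95vh;border:0}</style></head>" +
        "<body><a target='_blank' href='" + sURL + "'>View Report in Browser</a><br /><iframe id='i1' src='" + sURL + "'></iframe></body></html>";
    return sHTML;
}

// Builds the centered single-message page shown when the analyzer cannot run
// (no single session selected, or no Content-Security-Policy header present).
//
// sMessage: the text to display; it is inserted into the page as-is.
// Returns: a complete HTML document string.
static function CSPMessagePage(sMessage: String): String {
    return "<!doctype html><html style=\"font-family: 'Segoe UI'; width:100%; height: 100%; background-color: #F1EDED\"><body style='align:center; vertical-align:middle'><div style=\"height: 100%; margin-top: 80px; text-align: center; vertical-align:middle;\" >" + sMessage + "</div></body></html>";
}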