In base al link , "ReactNative as using the notation found in React per l'inlining della dichiarazione dell'interfaccia utente in un singolo file." Questo dovrebbe significare che quando scrivi un codice React (o ReactNative) devi usare JavaScript inline?
Reagirebbe quindi essere bloccato per impostazione predefinita da un Content Security Policy (CSP)?
In base al link :
A Content Security Policy (CSP) provides security controls which can mitigate attacks such as cross-site scripting (XSS) and other attacks based on introducing malicious or otherwise undesirable content into a web application. A CSP achieves this by specifying a whitelist of content sources for a web application that a compatible browser then enforces. A large variety of content can be controlled using a CSP including scripts, images and audio or video.
By default, a CSP also implements other mitigations beyond whitelisting content sources. The main additional mitigations are:
- Inline JavaScript will not execute: this mitigates the most common types of XSS attacks.
- JavaScript code will not be created from strings: this prevents attackers abusing JavaScript functionality to execute arbitrary JavaScript code.
P.S. Sono totalmente nuovo in React.