diff --git a/includes/seckit.form.inc b/includes/seckit.form.inc
index 504a2c4..b229119 100644
--- a/includes/seckit.form.inc
+++ b/includes/seckit.form.inc
@@ -73,6 +73,7 @@ function seckit_admin_form() {
// CSP default-src directive
$form['seckit_xss']['csp']['default-src'] = array(
'#type' => 'textfield',
+ '#maxlength'=> 1024,
'#default_value' => $options['seckit_xss']['csp']['default-src'],
'#title' => 'default-src',
'#description' => t("Specify security policy for all types of content, which are not specified further (frame-ancestors excepted). Default is 'self'."),
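Review bot: The literal `1024` is hard-coded on the added `'#maxlength'=> 1024,` line here and again in the ten other CSP directive hunks below (script-src through policy-uri), so the limits can drift apart if one field is edited later. A single named constant would keep them in step, for example `define('SECKIT_CSP_MAX_LENGTH', 1024);` used as `'#maxlength' => SECKIT_CSP_MAX_LENGTH,`. The added line also omits the space before `=>` that the neighbouring array entries have. If these directives are concatenated into one Content-Security-Policy header, as the field names suggest, the combined value can now approach 10 KB and may exceed the response-header buffers of some proxies. A comment stating the intended total, or a combined-length check in the form's validation, would make that limit explicit. seckit_admin_form() starts and ends outside this hunk.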
@@ -80,6 +81,7 @@ function seckit_admin_form() {
// CSP script-src directive
$form['seckit_xss']['csp']['script-src'] = array(
'#type' => 'textfield',
+ '#maxlength'=> 1024,
'#default_value' => $options['seckit_xss']['csp']['script-src'],
'#title' => 'script-src',
'#description' => t('Specify trustworthy sources for <script> elements.'),
@@ -87,6 +89,7 @@ function seckit_admin_form() {
// CSP object-src directive
$form['seckit_xss']['csp']['object-src'] = array(
'#type' => 'textfield',
+ '#maxlength'=> 1024,
'#default_value' => $options['seckit_xss']['csp']['object-src'],
'#title' => 'object-src',
'#description' => t('Specify trustworthy sources for <object>, <embed> and <applet> elements.'),
@@ -94,6 +97,7 @@ function seckit_admin_form() {
// CSP style-src directive
$form['seckit_xss']['csp']['style-src'] = array(
'#type' => 'textfield',
+ '#maxlength'=> 1024,
'#default_value' => $options['seckit_xss']['csp']['style-src'],
'#title' => 'style-src',
'#description' => t('Specify trustworthy sources for stylesheets. Note, that inline stylesheets and style attributes of HTML elements are allowed.'),
@@ -101,6 +105,7 @@ function seckit_admin_form() {
// CSP img-src directive
$form['seckit_xss']['csp']['img-src'] = array(
'#type' => 'textfield',
+ '#maxlength'=> 1024,
'#default_value' => $options['seckit_xss']['csp']['img-src'],
'#title' => 'img-src',
'#description' => t('Specify trustworthy sources for <img> elements.'),
@@ -108,6 +113,7 @@ function seckit_admin_form() {
// CSP media-src directive
$form['seckit_xss']['csp']['media-src'] = array(
'#type' => 'textfield',
+ '#maxlength'=> 1024,
'#default_value' => $options['seckit_xss']['csp']['media-src'],
'#title' => 'media-src',
'#description' => t('Specify trustworthy sources for <audio> and <video> elements.'),
@@ -115,6 +121,7 @@ function seckit_admin_form() {
// CSP frame-src directive
$form['seckit_xss']['csp']['frame-src'] = array(
'#type' => 'textfield',
+ '#maxlength'=> 1024,
'#default_value' => $options['seckit_xss']['csp']['frame-src'],
'#title' => 'frame-src',
'#description' => t('Specify trustworthy sources for <iframe> and <frame> elements.'),
@@ -122,6 +129,7 @@ function seckit_admin_form() {
// CSP font-src directive
$form['seckit_xss']['csp']['font-src'] = array(
'#type' => 'textfield',
+ '#maxlength'=> 1024,
'#default_value' => $options['seckit_xss']['csp']['font-src'],
'#title' => 'font-src',
'#description' => t('Specify trustworthy sources for @font-src CSS loads.'),
@@ -129,6 +137,7 @@ function seckit_admin_form() {
// CSP connect-src directive
$form['seckit_xss']['csp']['connect-src'] = array(
'#type' => 'textfield',
+ '#maxlength'=> 1024,
'#default_value' => $options['seckit_xss']['csp']['connect-src'],
'#title' => 'connect-src',
'#description' => t('Specify trustworthy sources for XMLHttpRequest, WebSocket and EventSource connections.'),
@@ -136,6 +145,7 @@ function seckit_admin_form() {
// CSP report-uri directive
$form['seckit_xss']['csp']['report-uri'] = array(
'#type' => 'textfield',
+ '#maxlength'=> 1024,
'#default_value' => $options['seckit_xss']['csp']['report-uri'],
'#title' => 'report-uri',
'#description' => t('Specify a URL (relative to the Drupal root) to which user-agents will report CSP violations. Use the default value, unless you have set up an alternative handler for these reports. Defaults to admin/config/system/seckit/csp-report
which logs the report data in watchdog.'),
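Review bot: For report-uri in this hunk and policy-uri in the next, the field holds a URL rather than a source list, and the new `'#maxlength'` only bounds its size, not its shape. No `'#element_validate'` entry is visible in either hunk, although both arrays continue outside them, so one may already exist. If it does not, add a validator that rejects values failing `valid_url($value, FALSE)` or containing whitespace or `;`, so that a mistyped entry cannot change how the emitted policy header is parsed. The description could also state that the path must be reachable by anonymous user agents, otherwise violation reports are lost without any visible error.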
@@ -143,6 +153,7 @@ function seckit_admin_form() {
// CSP policy-uri directive
$form['seckit_xss']['csp']['policy-uri'] = array(
'#type' => 'textfield',
+ '#maxlength'=> 1024,
'#default_value' => $options['seckit_xss']['csp']['policy-uri'],
'#title' => 'policy-uri',
'#description' => t("Specify a URL (relative to the Drupal root) for a file containing the (entire) policy. All other directives will be omitted by Security Kit, as policy-uri
may only be defined in the absence of other policy definitions in the X-Content-Security-Policy
HTTP header. The MIME type for this URI must be text/x-content-security-policy
, otherwise user-agents will enforce the policy allow 'none'
instead."),