<-security-policy” content=”default-src *; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.zhangyue.co *.baidu; style-src * 'unsafe-inline'; img-src * data: ” />