W3C home > Mailing lists > Public > public-web-security@w3.org > April 2011

Re: style-src and inline style

From: Collin Jackson <collin.jackson@sv.cmu.edu>
Date: Wed, 6 Apr 2011 12:33:55 -0700
Message-ID: <BANLkTimbkxFmM_GE03nqk==YRwpQ6BV-cg@mail.gmail.com>
To: Brandon Sterne <bsterne@mozilla.com>
Cc: gaz Heyes <gazheyes@gmail.com>, Adam Barth <w3c@adambarth.com>, Daniel Veditz <dveditz@mozilla.com>, public-web-security@w3.org
On Wed, Apr 6, 2011 at 11:40 AM, Brandon Sterne <bsterne@mozilla.com> wrote:
>
> Personally, I think consistency is desirable, but not if it makes the
> work of CSP server implementors necessarily hard ("now go remove all
> instances of inline style") for limited benefit.


Presumably most authors are not going to use style-src since it doesn't
solve any XSS problems. Blocking inline styles for people who do use
style-src seems both consistent and desirable.
Received on Wednesday, 6 April 2011 19:38:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 6 April 2011 19:38:31 GMT