W3C home > Mailing lists > Public > public-web-security@w3.org > April 2011

Re: style-src and inline style

From: Adam Barth <w3c@adambarth.com>
Date: Thu, 7 Apr 2011 00:05:40 -0700
Message-ID: <BANLkTik=2ZTeoMVjWSMp41765TSh52Tg7A@mail.gmail.com>
To: Bil Corry <bil@corry.biz>
Cc: Collin Jackson <collin.jackson@sv.cmu.edu>, Brandon Sterne <bsterne@mozilla.com>, gaz Heyes <gazheyes@gmail.com>, Daniel Veditz <dveditz@mozilla.com>, public-web-security@w3.org
On Thu, Apr 7, 2011 at 12:00 AM, Bil Corry <bil@corry.biz> wrote:
> Collin Jackson wrote on 4/6/2011 12:33 PM:
>> Blocking inline styles for people who do use style-src seems both
>> consistent and desirable.
>
> One use case to consider: I want to allow only HTTPS stylesheets, and allow
> inline styles specifically for framebusting:
>
>        https://www.codemagi.com/blog/post/194

Sure, but that would work if there was an "allow-inline-style" option
(or if you could use the frame-ancestors directive).

Adam
Received on Thursday, 7 April 2011 07:06:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 7 April 2011 07:06:40 GMT