W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2012

Re: CSP - 'unsafe-inline' for 'style-src' directive, actually unsafe?

From: Giorgio Maone <g.maone@informaction.com>
Date: Tue, 20 Mar 2012 12:26:17 +0100
Message-ID: <4F686959.2040807@informaction.com>
To: public-webappsec@w3.org
On 20/03/2012 11:03, David Bruant wrote:

> Sorry to ask if the question is stupid, but how do you include
> JavaScript in CSS? I've never heard of such a thing being possible.
> 
> David

1) Microsoft's "Dynamic Properties" AKA expression() property,
discontinued in IE8 but still available in backward compat modes:
http://msdn.microsoft.com/en-us/library/ms537634%28v=vs.85%29.aspx

2) Mozilla's XBL bindings:
https://developer.mozilla.org/en/XBL/XBL_1.0_Reference/Binding_Attachment_and_Detachment#Attachment_using_CSS

-- G
Received on Tuesday, 20 March 2012 11:26:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 20 March 2012 11:26:52 GMT