correct CSP frame-src value for a scripted iframe src?

From: Ingo Chao <ichaocssd@googlemail.com>
Date: Mon, 30 Apr 2012 15:43:04 +0200
Message-ID: <CAAET60UFZ_ws_3328ROWKOM0WRbB2XcHYoOECdY-rZyREXaNqA@mail.gmail.com>
To: public-webappsec@w3.org

An HTML file contains
<iframe src="javascript:''"></iframe>

Chrome logs:
"[Report Only] Refused to load frame from 'about:blank' because of
Content-Security-Policy."

What would be the correct frame-src value that allows it?

Thanks,
Ingo Chao
Received on Wednesday, 2 May 2012 15:07:18 GMT
