correct CSP frame-src value for a scripted iframe src?

From: Ingo Chao <ichaocssd@googlemail.com>
Date: Tue, 1 May 2012 22:19:03 +0200
Message-ID: <CAAET60XfpUjPM-dtccset0kH6V+7EgLBgrCG12-gDt9fM8A-7w@mail.gmail.com>
To: public-webappsec@w3.org

An HTML file contains
<iframe src="javascript:''"></iframe>

Chrome logs:
"[Report Only] Refused to load frame from 'about:blank' because of
Content-Security-Policy."

What would be the correct frame-src value that allows it?

Thanks,
Ingo Chao
Received on Wednesday, 2 May 2012 15:07:20 GMT
