W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2012

Re: unsafe-inline for style-src

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Tue, 18 Sep 2012 20:12:07 -0400
Message-ID: <50590DD7.4050402@mit.edu>
To: public-webappsec@w3.org
On 9/18/12 6:40 PM, Mike West wrote:
>> * doc.body.setAttribute("style", "...");
...
>> * doc.body.style.background = "...";

There is no functional different between those two.  Especially not if 
you actually consider:

   doc.body.style.cssText = "....";

-Boris
Received on Wednesday, 19 September 2012 00:12:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 19 September 2012 00:12:38 GMT