- From: Adam Barth <w3c@adambarth.com>
- Date: Thu, 7 Apr 2011 00:05:40 -0700
- To: Bil Corry <bil@corry.biz>
- Cc: Collin Jackson <collin.jackson@sv.cmu.edu>, Brandon Sterne <bsterne@mozilla.com>, gaz Heyes <gazheyes@gmail.com>, Daniel Veditz <dveditz@mozilla.com>, public-web-security@w3.org
On Thu, Apr 7, 2011 at 12:00 AM, Bil Corry <bil@corry.biz> wrote: > Collin Jackson wrote on 4/6/2011 12:33 PM: >> Blocking inline styles for people who do use style-src seems both >> consistent and desirable. > > One use case to consider: I want to allow only HTTPS stylesheets, and allow > inline styles specifically for framebusting: > > https://www.codemagi.com/blog/post/194 Sure, but that would work if there was an "allow-inline-style" option (or if you could use the frame-ancestors directive). Adam
Received on Thursday, 7 April 2011 07:06:40 UTC