W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2012

correct CSP frame-src value for a scripted iframe src?

From: Ingo Chao <ichaocssd@googlemail.com>
Date: Mon, 30 Apr 2012 15:43:04 +0200
Message-ID: <CAAET60UFZ_ws_3328ROWKOM0WRbB2XcHYoOECdY-rZyREXaNqA@mail.gmail.com>
To: public-webappsec@w3.org
A html file contains
<iframe src="javascript:''"></iframe>

Chrome logs:
"[Report Only] Refused to load frame from 'about:blank' because of

What would be the correct frame-src value that allows it?

Ingo Chao
Received on Wednesday, 2 May 2012 15:07:18 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:28 UTC