W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2012

correct CSP frame-src value for a scripted iframe src?

From: Ingo Chao <ichaocssd@googlemail.com>
Date: Tue, 1 May 2012 22:19:03 +0200
Message-ID: <CAAET60XfpUjPM-dtccset0kH6V+7EgLBgrCG12-gDt9fM8A-7w@mail.gmail.com>
To: public-webappsec@w3.org

A html file contains
<iframe src="javascript:''"></iframe>

Chrome logs:
"[Report Only] Refused to load frame from 'about:blank' because of
Content-Security-Policy."

What would be the correct frame-src value that allows it?

Thanks,
Ingo Chao

Received on Wednesday, 2 May 2012 15:07:20 UTC

This message: [ Message body ]
Next message: Arthur Barstow: "CfC: to stop work on From-Origin spec; deadline May 8"
Previous message: Ingo Chao: "correct CSP frame-src value for a scripted iframe src?"
Next in thread: Adam Barth: "Re: correct CSP frame-src value for a scripted iframe src?"
Reply: Adam Barth: "Re: correct CSP frame-src value for a scripted iframe src?"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:28 UTC