W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2012

correct CSP frame-src value for a scripted iframe src?

From: Ingo Chao <ichaocssd@googlemail.com>
Date: Tue, 1 May 2012 22:19:03 +0200
Message-ID: <CAAET60XfpUjPM-dtccset0kH6V+7EgLBgrCG12-gDt9fM8A-7w@mail.gmail.com>
To: public-webappsec@w3.org
A html file contains
<iframe src="javascript:''"></iframe>

Chrome logs:
"[Report Only] Refused to load frame from 'about:blank' because of

What would be the correct frame-src value that allows it?

Ingo Chao
Received on Wednesday, 2 May 2012 15:07:20 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:28 UTC