- From: Adam Barth <w3c@adambarth.com>
- Date: Wed, 2 May 2012 09:41:03 -0700
- To: Ingo Chao <ichaocssd@googlemail.com>
- Cc: public-webappsec@w3.org
On Tue, May 1, 2012 at 1:19 PM, Ingo Chao <ichaocssd@googlemail.com> wrote: > A html file contains > <iframe src="javascript:''"></iframe> > > Chrome logs: > "[Report Only] Refused to load frame from 'about:blank' because of > Content-Security-Policy." > > What would be the correct frame-src value that allows it? You're running into a bug in WebKit's implementation: https://bugs.webkit.org/show_bug.cgi?id=85233 It's not sensible to block about:blank documents because you get a blank document when a URL is blocked. :) I'll fix it soon. Thanks! Adam
Received on Wednesday, 2 May 2012 16:42:09 UTC