- From: Tanvi Vyas <tanvi@mozilla.com>
- Date: Fri, 04 May 2012 12:35:07 -0700
- To: Ingo Chao <ichaocssd@googlemail.com>
- CC: public-webappsec@w3.org
What does your Content Security Policy header look like? You may need to allow unsafe-inline for the javascript:... to work. On 4/30/12 6:43 AM, Ingo Chao wrote: > A html file contains > <iframe src="javascript:''"></iframe> > > Chrome logs: > "[Report Only] Refused to load frame from 'about:blank' because of > Content-Security-Policy." > > What would be the correct frame-src value that allows it? > > Thanks, > Ingo Chao > >
Received on Friday, 4 May 2012 19:36:14 UTC