Re: unsafe-inline for style-src

On 20/09/2012 20:30, Boris Zbarsky wrote:
> On 9/20/12 2:16 PM, Adam Barth wrote:
>> Maybe it only works for data that's been pre-filled into input@value ?
> 
> It would work for that, yes.

...like most CSRF tokens.

-- G

Received on Thursday, 20 September 2012 18:40:54 UTC