- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Sun, 27 Jul 2014 13:12:47 +0200
- To: Brad Hill <hillbrad@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Fri, Jul 25, 2014 at 9:53 PM, Brad Hill <hillbrad@gmail.com> wrote: > Should we require 'unsafe-inline' in img-src to allow inline SVG to be rendered? No. Inline SVG is no different from HTML. The "3.6 Policy applicability" section is super confusing I think when it comes to how all these things fit together. "Inline" SVG is completely different from <img src=svg> or HTML fetched through XMLHttpRequest. -- http://annevankesteren.nl/
Received on Sunday, 27 July 2014 11:13:15 UTC