CSP blocking native HTML5 styling

Fixed, flighted Issue #7153360

Details

Author
Marc M.
Created
Apr 8, 2016
Privacy
This issue is public.
Found in
  • Microsoft Edge
Fixed in build #
15002
Reports
Reported by 2 people

Sign in to watch or report this issue.

Steps to reproduce

Serve a page under a restrictive Content Security Policy. Specifically with style-src 'self'. Include HTML5 elements like <progress> or <input type="range">.
Note the errors in the console :(. These elements become impossible to style and sometimes even impossible to use. Edge appears to be blocking it’s own styles.
Adding 'unsafe-inline' to style-src works around the problem, but that’s not a viable long-term fix.

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Bogdan B.”

      Changed Assigned To to “Sermet I.”

      Changed Assigned To to “wwatri”

      Changed Assigned To to “Sermet I.”

      Changed Assigned To to “wwatri”

      Changed Assigned To from “wwatri” to “Daniel L.”

      Changed Status to “Confirmed”

      Changed Assigned To from “Daniel L.” to “Liang Z.”

      Changed Status from “Confirmed” to “Fixed, not yet flighted”

      Changed Status from “Fixed, not yet flighted” to “Fixed, flighted”

    You need to sign in to your Microsoft account to add a comment.

    Sign in