CSP blocking native HTML5 styling

Fixed Issue #7153360


Marc M.
Apr 8, 2016
This issue is public.
Found in
  • Microsoft Edge
Fixed in build #
Reported by 2 people

Sign in to watch or report this issue.

Steps to reproduce

Serve a page under a restrictive Content Security Policy. Specifically with style-src 'self'. Include HTML5 elements like <progress> or <input type="range">.
Note the errors in the console :(. These elements become impossible to style and sometimes even impossible to use. Edge appears to be blocking it’s own styles.
Adding 'unsafe-inline' to style-src works around the problem, but that’s not a viable long-term fix.


0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Bogdan B.”

      Changed Assigned To to “Sermet I.”

      Changed Assigned To to “wwatri”

      Changed Assigned To to “Sermet I.”

      Changed Assigned To to “wwatri”

      Changed Assigned To from “wwatri” to “Daniel L.”

      Changed Status to “Confirmed”

      Changed Assigned To from “Daniel L.” to “Liang Z.”

      Changed Status from “Confirmed” to “Fixed”

    • Hello,

      Thank you for providing this information about the issue. We are pleased to report this feature is fixed in Edge 15063 and is available in our latest Insider Preview build.

      Best Wishes,
      The MS Edge Team

    You need to sign in to your Microsoft account to add a comment.

    Sign in