CSP and SVG

Issue #7657500 • Assigned to Bogdan B.

Details

Author
Adrian E.
Created
May 23, 2016
Privacy
This issue is public.
Found in
  • Microsoft Edge
Found in build #
13.10586
Reports
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

Create a Page with CSP and insert a SVG image with inline styling.
CSP in PHP:

    header ("Content-Security-Policy: default-src 'self';");

All browsers but Edge will allow inline style on external svg images. Not sure if Edge or all others are wrong.

Attachments

0 attachments

    Comments and activity

    • Seems that Edge is wrong, considering the Subresources point in the spec

    • Microsoft Edge Team

      Changed Assigned To to “Ibrahim O.”

      Changed Assigned To to “Bogdan B.”

    You need to sign in to your Microsoft account to add a comment.

    Sign in