Steps to reproduce
Create a Page with CSP and insert a SVG image with inline styling.
CSP in PHP:
header ("Content-Security-Policy: default-src 'self';");
All browsers but Edge will allow inline style on external svg images. Not sure if Edge or all others are wrong.
Comments and activity
Seems that Edge is wrong, considering the Subresources point in the spec
- Microsoft Edge Team
Changed Assigned To to “Ibrahim O.”
Changed Assigned To to “Bogdan B.”