Edge does not allow inline style on external SVG images with CSP header - other browsers work

Fixed Issue #7657500

Details

Author
Adrian E.
Created
May 23, 2016
Privacy
This issue is public.
Found in
  • Microsoft Edge
Found in build #
13.10586
Fixed in build #
17.17707
Reports
Reported by 6 people

Steps to reproduce

Create a page with CSP and insert an SVG image with inline styling.
CSP in PHP:

    header ("Content-Security-Policy: default-src 'self';");

All browsers but Edge will allow inline style on external SVG images. Not sure if Edge or all others are wrong.
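
A self-contained reproduction of the setup described in the report, as an added example that is not part of the original issue. It assumes the CSP header is sent only on the HTML page, that the SVG is referenced through an `<img>` element, and that "inline styling" covers both a `style` attribute and a `<style>` element; the paths, port and SVG content are constructed.

```python
"""Minimal repro server for the report above (added example, constructed data)."""
from wsgiref.simple_server import make_server

CSP = "default-src 'self';"  # policy string taken from the report

# Constructed SVG: one shape styled by a style attribute, one by a <style> element.
SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="220" height="100">
  <style>.by-element { fill: green; }</style>
  <rect x="10" y="10" width="90" height="80" style="fill: green"/>
  <rect class="by-element" x="120" y="10" width="90" height="80"/>
</svg>"""

HTML = b"""<!doctype html>
<title>CSP + external SVG inline style</title>
<p>Both rectangles are green when the SVG's inline styles are applied,
black (the default fill) when they are blocked.</p>
<img src="/image.svg" alt="test image">"""


def app(environ, start_response):
    """Serve the page with the CSP header and the SVG without one (assumption)."""
    path = environ.get("PATH_INFO", "/")
    if path == "/":
        headers = [("Content-Type", "text/html; charset=utf-8"),
                   ("Content-Security-Policy", CSP)]
        body = HTML
    elif path == "/image.svg":
        headers = [("Content-Type", "image/svg+xml")]
        body = SVG
    else:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    headers.append(("Content-Length", str(len(body))))
    start_response("200 OK", headers)
    return [body]


def fetch(path):
    """Call the app in-process; return (status, headers dict, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return seen["status"], seen["headers"], body


if __name__ == "__main__":
    # Assumed port; open http://127.0.0.1:8000/ in each browser to compare rendering.
    make_server("127.0.0.1", 8000, app).serve_forever()
```

Comparing the two rectangles across browsers also shows whether a given build blocks the `style` attribute, the `<style>` element, or both.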

    Comments and activity

    • Seems that Edge is wrong, considering the Subresources point in the spec

    • Microsoft Edge Team

      Changed Assigned To to “Ibrahim O.”

      Changed Assigned To to “Bogdan B.”

    • Problem still exists in Microsoft EdgeHTML 14.14393 (Microsoft Edge 38.14393.1066.0)

    • Microsoft Edge Team

      Changed Assigned To to “wptsixtri@microsoft.com”

    • Microsoft Edge 41.16299.402.0
      Microsoft EdgeHTML 16.16299

      Problems still exist :( - any plans of fixing this… ever?

    • Microsoft Edge Team

      Changed Title from “CSP and SVG” to “Edge does not allow inline style on external SVG images with CSP header - other browsers work”

      Changed Assigned To to “wwatri”

      Changed Assigned To from “wwatri” to “Liang Z.”

      Changed Status to “Confirmed”

      Changed Status from “Confirmed” to “Fixed”

    • Hello,

      Thank you for providing this information about the issue. We are pleased to report this feature is fixed in Edge and will be available in an upcoming insider build.

      Best Wishes,
      The MS Edge Team
