Steps to reproduce
The following CSP blocks external SVGs in iframes:
Minimal example reproduced here:
Expected: SVG should be visible (which is true for all other browsers)
Actual: SVG is blocked
Code to reproduce here:
Comments and activity
This also blocks data URI SVGs from loading as well.
- Microsoft Edge Team
Changed Assigned To to “Rick J.”
Changed Assigned To to “wwatri”
We encountered the same issue. Could you please have it fixed. It is a security issue.