Open Bug 1513623 Opened 2 years ago Updated 5 months ago
CSP blocking inline style loses the style attribute value
Simple testcase is attached; see the console and compare to other browsers. The code added in bug 763879 was not reviewed by a DOM peer. That early return drops the attribute value on the floor, setting the value to "". There is some thought on maybe making that be what it means to block inline style (see discussion in <https://github.com/w3c/webappsec-csp/issues/212>) but I wanted to get this on file in the meantime.
Priority: -- → P3
See Also: → https://github.com/w3c/webappsec-csp/issues/212
Whiteboard: [domsecurity-backlog2] → [domsecurity-backlog1]
You need to log in before you can comment on or make changes to this bug.