Skip to content
This repository has been archived by the owner on Jan 17, 2023. It is now read-only.

Remove unsafe-inline style-src from CSP #2424

Closed
g-k opened this issue Mar 20, 2017 · 3 comments
Closed

Remove unsafe-inline style-src from CSP #2424

g-k opened this issue Mar 20, 2017 · 3 comments
Labels
security Security issue: can be an active issue, or related to security hygene
Milestone

Comments

@g-k
Copy link
Contributor

g-k commented Mar 20, 2017

Nice to have.

Can be used to exfiltrate data or deface the site: https://mikewest.org/2013/09/xss-no-the-other-s-cssconfeu-2013

@jvehent jvehent added the security Security issue: can be an active issue, or related to security hygene label Mar 20, 2017
@ckprice ckprice added this to the Next Tasks milestone Mar 20, 2017
@ckprice
Copy link

ckprice commented Mar 20, 2017

Ian thinks we had a reason why this is here. Nice to have == Next

@ghost ghost modified the milestones: Next Tasks, Blue Sky Jun 28, 2017
@ianb
Copy link
Contributor

ianb commented Jan 10, 2018

We have a lot of reasons we need to do inline styles.

@ianb ianb closed this as completed Jan 10, 2018
@g-k
Copy link
Contributor Author

g-k commented Jan 29, 2018

We have a lot of reasons we need to do inline styles.

@ianb can you elaborate on where or when we need them? This would still be nice to have from a security perspective.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
security Security issue: can be an active issue, or related to security hygene
Projects
None yet
Development

No branches or pull requests

4 participants