Dirk Raeder

Results 2 comments of Dirk Raeder

Inline <style> elements violates style-src Content Security Policy

If the injected style is able to break out of its context, it can do all kinds of bad stuff. There's a neat introduction to mutational XSS here: https://www.youtube.com/watch?v=lG7U3fuNw3A So,...

Inline <style> elements violates style-src Content Security Policy

While checking some alternative frameworks, I found that many components use dynamically calculated values for the `style` attribute. This is true for Angular as well. Two examples I've got at...