CSP: `script-src-attr`, `script-src-elem`, `style-src-attr`, `style-src-elem` directives
These 4 new directives provide the functionality of the script/style directive but with more granularity, applying to elements or attributes.
Documentation
Specification
Status in Chromium
Blink>SecurityFeature>ContentSecurityPolicy
Enabled by default (tracking bug) in:
- Chrome for desktop release 75
- Chrome for Android release 75
- Android WebView release 75
Consensus & Standardization
After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.
- Mixed public signals
- Mixed public signals
- Mixed public signals
- Positive
Owner
Intent to Implement url
Intent to Implement threadLast updated on 2019-03-18