CSP: `script-src-attr`, `script-src-elem`, `style-src-attr`, `style-src-elem` directives - Chrome Platform Status

Feature: CSP: `script-src-attr`, `script-src-elem`, `style-src-attr`, `style-src-elem` directives

These 4 new directives provide the functionality of the script/style directive but with more granularity, applying to elements or attributes.

Documentation

Specification

Status in Chromium

Blink components: Blink>SecurityFeature>ContentSecurityPolicy

Enabled by default (tracking bug) in:

Chrome for desktop release 75
Chrome for Android release 75
Android WebView release 75

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: No signal
Edge: No signal
Safari: No signal
Web Developers: Positive

Owner

andypaicu@chromium.org

Intent to Prototype url

Intent to Prototype thread

Last updated on 2020-11-09