Y
Hacker News
new
|
ask
|
show
|
jobs
by
maxchehab
3047 days ago
It actually can't. Instagram does use this protect java-script injection from extensions, but clearly injecting CSS is allowed.
2 comments
sbarre
3047 days ago
But could you use CSP to block the image loading that happens in the CSS with 'img-src' definitions?
Someone else in this thread suggested that as well.
link
15155
3047 days ago
The requested resource, however, could be blocked by a CSP.
link
Someone else in this thread suggested that as well.