by Seb-C 2076 days ago
Sorry, I just re-read my initial comment and I think the way I wrote it was misleading.

My case was about the allow-scripts directive of the sandboxed iframe, which I thought was linked to the csp mechanism, but now that I checked the documentation, it seems that I was wrong.

I basically display a random HTML document in a sandboxed iframe with disabled scripts. When you do so on Chrome and Firefox, the event listeners injected inside the iframe from a script in the parent frame still work, but on Safari they do not because all the scripts (or events) inside the iframe are disabled.

So rather than relying on this mechanism, I used DOMPurify to filter all the scripts.
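As an added example (not the commenter's code), here is the approach the comment lands on: sanitise the untrusted document with DOMPurify, then render it in a fully sandboxed iframe rather than depending on listeners injected from the parent, which are not honoured consistently across browsers once scripts are disabled. The `purifier` and `doc` parameters are assumptions that let the same logic run outside a browser; the config keys are DOMPurify's own.

```javascript
// Added example: sanitise with DOMPurify, then render in a sandboxed iframe.
// `purifier` and `doc` are injected so the logic is testable outside a browser;
// in a page, pass the real DOMPurify and document objects.

// DOMPurify already strips <script> and on* event handlers by default; these
// settings additionally drop other embedding or style-bearing tags/attributes.
const PURIFY_CONFIG = {
  FORBID_TAGS: ['script', 'iframe', 'object', 'embed', 'form', 'style'],
  FORBID_ATTR: ['style', 'formaction'],
  ALLOW_DATA_ATTR: false,
};

function sanitizeUntrustedHtml(html, purifier) {
  return purifier.sanitize(html, PURIFY_CONFIG);
}

// Build an <iframe> with the most restrictive sandbox: no allow-scripts and no
// allow-same-origin, so anything the sanitiser misses can neither run nor
// reach the parent origin. Returns the element for the caller to append.
function createSandboxedFrame(cleanHtml, doc) {
  const frame = doc.createElement('iframe');
  frame.setAttribute('sandbox', '');            // empty value = every restriction
  frame.setAttribute('srcdoc', cleanHtml);      // inline document, no network fetch
  frame.setAttribute('referrerpolicy', 'no-referrer');
  return frame;
}

// Defence in depth: sanitise first, then isolate the result.
function renderUntrusted(html, purifier, doc) {
  return createSandboxedFrame(sanitizeUntrustedHtml(html, purifier), doc);
}

// Browser usage (assumes DOMPurify is already loaded on the page):
if (typeof document !== 'undefined' && typeof DOMPurify !== 'undefined') {
  // Constructed sample of untrusted markup.
  const untrusted = '<p onclick="alert(1)">hi</p><script>alert(2)</script>';
  document.body.appendChild(renderUntrusted(untrusted, DOMPurify, document));
}
```

Interactivity that the original use case wanted from injected listeners has to be provided from the parent side (for example via `postMessage` to a frame that is itself served with `allow-scripts`), never by trusting code inside the untrusted document.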