|
|
|
|
|
|
by chatmasta
1164 days ago
|
|
|
Oh wow TIL. Very interesting. And since 2014 too? Nice. They must have done that around the same time Google did it for GMail. I wonder if it's still true. I imagine they have some Content-Security-Policy preventing it so you can't do hacks like embedding an external URL in an SVG. |
|
|
content-security-policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'