How can an inline style cause security problems?

Asked

Viewed 50 times

1

Working with the Twitter API, I received the following message in the browser when trying to authenticate:

Refused to apply inline style because it violates the following Content Security Policy Directive: "style-src https://abs.twimg.com https://abs-0.twimg.com". Either the 'unsafe-inline' keyword, a hash ('sha256-4Su6mBWzEIFnH4pAGMOuaeBrstwJN4Z3pq/s1Kn4/KQ=') or a nonce ('nonce-...') is required to enable inline Execution.

Researching about the problem, I found about the Content Security Policy (CSP) that dictates some rules on safety, but I did not find something that explains how this would be a problem.

  • 1

    See here: http://stackoverflow.com/questions/17766817/refused-to-apply-inline-style-because-it-violates-the-following-content-security and this other link that talks like inline http://dontkry.com/posts/disable-inline-styles.htmlmay be "unsafe"

No answers

Browser other questions tagged

You are not signed in. Login or sign up in order to post.