问题
I have HTML document with Content Security Policy.
<meta http-equiv="Content-Security-Policy" content="style-src 'self'">
I create SVG element, set style property and append the element to the document.
const el = document.createElementNS('http://www.w3.org/2000/svg', 'svg');
el.style.background = 'green';
document.body.appendChild(el);
In Firefox I get a Content Security Policy error, and the styles are not applied. There is no error in Chrome. There is no error for DIV element in Firefox.
Is this behavior expected or is it an implementation bug?
The demo below should display two green boxes in Chrome. In Firefox the right box would be red.
https://pste.eu/p/gKqO.html
来源:https://stackoverflow.com/questions/51939184/csp-rules-applied-differently-to-svg-in-firefox