W3cubDocs

/HTTP

CSP: style-src-attr

CSP: style-src-attr

The HTTP Content-Security-Policy (CSP) style-src-attr directive specifies valid sources for inline styles applied to individual DOM elements.

CSP version 3
Directive type Fetch directive
default-src fallback

Yes. If this directive is absent, the user agent will look for the style-src directive, and if both of them are absent, fallback to default-src directive.

Syntax

One or more sources can be allowed for the style-src-attr policy:

Content-Security-Policy: style-src-attr <source>;
Content-Security-Policy: style-src-attr <source> <source>;

style-src-attr can be used in conjunction with style-src:

Content-Security-Policy: style-src <source>;
Content-Security-Policy: style-src-attr <source>;

Sources

<source> can be any one of the values listed in CSP Source Values.

Note that this same set of values can be used in all fetch directives (and a number of other directives).

Examples

TBD

Specifications

Browser compatibility

Desktop Mobile
Chrome Edge Firefox Internet Explorer Opera Safari WebView Android Chrome Android Firefox for Android Opera Android Safari on IOS Samsung Internet
style-src-attr
75
79
No
No
62
preview
75
75
No
No
No
11.0

See also

© 2005–2022 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src-attr