Hacker News new | past | comments | ask | show | jobs | submit login

It actually can't. Instagram does use this protect java-script injection from extensions, but clearly injecting CSS is allowed.



But could you use CSP to block the image loading that happens in the CSS with 'img-src' definitions?

Someone else in this thread suggested that as well.


The requested resource, however, could be blocked by a CSP.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: