diff --git a/source b/source index 6d8c47aa991..99240e590d6 100644 --- a/source +++ b/source @@ -15468,6 +15468,14 @@ people expect to have work and what is necessary. data-x="attr-meta-content">content attribute will be enforced upon the current document.

+

At the time of inserting the meta element to the document, it is + possible that some resources have already been fetched. For example, images might be stored in + the list of available images prior to dynamically inserting a meta + element with an http-equiv attribute in the Content security policy state. + Resources that have already been fetched are not guaranteed to be blocked by a Content + Security Policy that's enforced late.

+

A page might choose to mitigate the risk of cross-site scripting attacks by preventing the
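
Review bot: the last sentence of the added paragraph ("Resources that have already been fetched are not guaranteed to be blocked by a Content Security Policy that's enforced late") leaves "late" undefined and gives authors nothing to act on. Consider tying it to the insertion point the paragraph already describes, for example "a policy that starts being enforced only after those resources were fetched", and adding a sentence that a policy meant to cover a resource has to be in place before that resource is fetched. The only example given is images in the list of available images when the meta element is inserted dynamically; if the caveat is meant to apply to other kinds of already-fetched resources, the text should say so, since readers will otherwise take it as image-specific. Minor wording: "inserting the meta element to the document" should read "into the document".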