Currently, the icon for dragging a checkbox up and down is rendered using a base64'd version of the image (here).
The icon itself isn't the problem but sites using CSP have to allow data: in their rule to allow this icon to load and allowing the entire host just for this image is risky as mentioned here.
Currently, the icon for dragging a checkbox up and down is rendered using a base64'd version of the image (here).
The icon itself isn't the problem but sites using CSP have to allow
data:
in their rule to allow this icon to load and allowing the entire host just for this image is risky as mentioned here.