I so wish this one sparrow would a summer make :) #xss https://twitter.com/garethheyes/status/1022392850183536640
Interesting. Ultimately, everything combating XSS on client side likely relies on some browser feature. E.g. sanitizers rely on inert documents. The reason CSP did not fix XSS is maybe that the primitive was not fitting? Per document header instead of e.g. an API to use by libs?
I'm working on something that attempts to fit more into how JS apps are written now. More configurable, more local, but auditable. But it still is a browser feature, not fully userland. Curious what's your take on https://github.com/WICG/trusted-types
Templating libs using that primitive to guard against XSS (instead of being surprised by a global header they can't even see) is exactly the use case.
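To make that use case concrete, here is an added example (not code from this thread and not from the WICG trusted-types project) of how a small templating helper can own a Trusted Types policy: interpolated values are escaped, the assembled markup is wrapped by the policy, and only that code path can produce the TrustedHTML a page under `require-trusted-types-for 'script'` will accept for sinks like `innerHTML`. The policy name `template-sanitizer` is an assumed placeholder, and the helper falls back to plain strings where `trustedTypes` is absent so the same escaping still runs in Node or older browsers.

```javascript
// Added example, not from the thread or the trusted-types project.
// Assumed CSP on the page that uses this helper (policy name is a placeholder):
//   Content-Security-Policy: require-trusted-types-for 'script'; trusted-types template-sanitizer

// Escape the characters that change meaning in an HTML text or attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Create the policy once. Under Trusted Types, createPolicy returns a policy
// whose createHTML yields a TrustedHTML object; the rule is the identity
// because the html`` tag below has already escaped every untrusted value.
// Outside a Trusted Types environment we return an object with the same
// shape so callers do not need to branch.
function makePolicy(tt = globalThis.trustedTypes) {
  const rules = { createHTML: (markup) => markup };
  if (tt && typeof tt.createPolicy === 'function') {
    return tt.createPolicy('template-sanitizer', rules);
  }
  return rules;
}

const policy = makePolicy();

// Tagged template: literal parts are developer-written markup, interpolated
// values are untrusted data and are escaped before the policy sees the result.
function html(strings, ...values) {
  let out = strings[0];
  for (let i = 0; i < values.length; i++) {
    out += escapeHtml(values[i]) + strings[i + 1];
  }
  return policy.createHTML(out);
}

// Example use by a templating layer: the caller never touches raw strings.
function renderGreeting(name) {
  return html`<p>Hello, ${name}!</p>`;
}

// In a browser: document.getElementById('out').innerHTML = renderGreeting(userInput);
```

The design point is that the library, not application code, holds the only policy the CSP allows, so any `innerHTML` assignment of an unescaped string elsewhere in the app is rejected by the browser rather than silently rendered.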