The RSA site got pwned due to third-party JS. Dare I say some form of sub-resource integrity might have helped? http://krebsonsecurity.com/2014/05/complexity-as-the-enemy-of-security/ …
@BRIAN_____: Put another way, what does GA need to run? And how can we give it just that? @frgx
@BRIAN_____ @mikewest When GA wants to update the set of listeners to add (say new spec) how will GA update it across the web?
@BRIAN_____: Ok. How would that look? <iframe sandbox> splits permissions into a rough set of chunks. Could we do better for <script>? @frgx