The secret goal of CSP is to become so complicated that people give up and just fix their apps' XSS problems the right way.
Replying to @BRIAN_____
People continuously think about reducing payload, with CSP the payload increases tremendously. And what do we gain, again?
Replying to @frederik_bosch
I think we'll be able to derive a nice declarative language for static analysis from it to prevent XSS at development time.
12:54 PM - 27 Jan 2017